Run a program ouside of the sandbox!!
IE: Windows / Microsoft Update or run FF out of the sandbox to update the extensions / themes
This feature shoud override the "forced programs" option...
An easy-to-implement feature
-
SBIE User
Both of these functions are available already, but not as specifically named features. Perhaps you know that and are just asking for specific settings focused on these particular actions like updating Windows or adding extensions to Firefox, but both can be done quite easily already from the existing GUI.
In case you're not aware of that, here's how I do both of these. If you already know this, perhaps the info will help someone else.
Windows Update
Just before opening IE and selecting Tools/Windows Update, I open the Sandboxie GUI and select Options/Temporarily Disable Forced Programs. Then I have 10 seconds to start IE. Once IE opens outside the sandbox, I can take as long as needed to do the updates. (The 10 second deadline is built into Sandboxie and only applies to starting a forced program outside the sandbox.)
Update or Add Firefox Bookmarks, Extensions and Themes
I have Firefox as a forced program, but I allow updates transparently by adding the following setting in the Sandboxie config file under [Default Box]:
OpenFilePath=firefox.exe,C:\Program Files\Mozilla Firefox\defaults\profile
That allows any changes I make to my Firefox bookmarks, themes or extensions to be made outside the sandbox.
Hope that helps you or someone else.
SBIE (Happy) User
In case you're not aware of that, here's how I do both of these. If you already know this, perhaps the info will help someone else.
Windows Update
Just before opening IE and selecting Tools/Windows Update, I open the Sandboxie GUI and select Options/Temporarily Disable Forced Programs. Then I have 10 seconds to start IE. Once IE opens outside the sandbox, I can take as long as needed to do the updates. (The 10 second deadline is built into Sandboxie and only applies to starting a forced program outside the sandbox.)
Update or Add Firefox Bookmarks, Extensions and Themes
I have Firefox as a forced program, but I allow updates transparently by adding the following setting in the Sandboxie config file under [Default Box]:
OpenFilePath=firefox.exe,C:\Program Files\Mozilla Firefox\defaults\profile
That allows any changes I make to my Firefox bookmarks, themes or extensions to be made outside the sandbox.
Hope that helps you or someone else.
SBIE (Happy) User
Nice summary SBIE User, just one small addition:
(in Sandboxie.ini)
[GlobalSettings]
...
ForceProcess=...
ForceDisableSeconds=30
You can set any number of seconds.
The ForceDisable period ends as soon as you launch one of the forced processes, or when the configured (or defaulted) number of seconds has elapsed.
10 seconds is a built-in default, but it is configurable:(The 10 second deadline is built into Sandboxie and only applies to starting a forced program outside the sandbox.)
(in Sandboxie.ini)
[GlobalSettings]
...
ForceProcess=...
ForceDisableSeconds=30
You can set any number of seconds.
The ForceDisable period ends as soon as you launch one of the forced processes, or when the configured (or defaulted) number of seconds has elapsed.
tzuk
-
SBIE User
-
Unknown_User_458
- Posts: 0
- Joined: Wed Dec 31, 1969 7:00 pm
Unsafe use of Firefox profiles?
Is this example given by "SBIE user" safe?
If you look at the File Copy Options, (Configuration / Sandbox settings / Set File Copy Options) there are check boxes which include "Allow Mozilla Firefox full access to profile files, such as bookmarks and extensions (NOT Recommended)". If however you ignore the negative recommendation, it allows access to the full Profiles folder (see the resulting Sandboxie.ini file) . I don't know why this is unsafe - which is why I am asking here. Maybe it's the access to registry keys which is unsafe?
(Actually my folder structure is different - I use XP, maybe "SBIE user" uses a different implementation of Windows?)
The reason I ask is that I want to include parts of the profiles - the passwords and bookmarks. However as bookmarks are implemented as html files is this why this is unsafe?
If you look at the File Copy Options, (Configuration / Sandbox settings / Set File Copy Options) there are check boxes which include "Allow Mozilla Firefox full access to profile files, such as bookmarks and extensions (NOT Recommended)". If however you ignore the negative recommendation, it allows access to the full Profiles folder (see the resulting Sandboxie.ini file) . I don't know why this is unsafe - which is why I am asking here. Maybe it's the access to registry keys which is unsafe?
(Actually my folder structure is different - I use XP, maybe "SBIE user" uses a different implementation of Windows?)
The reason I ask is that I want to include parts of the profiles - the passwords and bookmarks. However as bookmarks are implemented as html files is this why this is unsafe?
This is why it's not recommended:Lord HiperiX wrote:I don't know why this is unsafe - which is why I am asking here. Maybe it's the access to registry keys which is unsafe?
(Emphasis mine.) You may want to share just the sandboxed bookmarks with the outside system, but effectively you are sharing the enitre profile folder, including extensions and themes.SBIE User wrote:That allows any changes I make to my Firefox bookmarks, themes or extensions to be made outside the sandbox.
If you think that's just fine, ignore my negative recommendation, and Just Do It.
tzuk
-
Unknown_User_458
- Posts: 0
- Joined: Wed Dec 31, 1969 7:00 pm
Thanks tzuk for the answer. I have implemented a more restricted access to profiles. i.e. only bookmarks and passwords via adding this to the configuration sandboxie.ini file
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\signons.txt
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\key3.db
(xxxxxxx is my particular FF profiles folder)
This works fine. I prefer not to allow access to extensions outside the sandbox, not because I know of any particular risk but just to be safe as I don't have an extension which needs this access.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\signons.txt
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\key3.db
(xxxxxxx is my particular FF profiles folder)
This works fine. I prefer not to allow access to extensions outside the sandbox, not because I know of any particular risk but just to be safe as I don't have an extension which needs this access.
Who is online
Users browsing this forum: No registered users and 1 guest
