4.17 Beta Available (Latest Version 4.17.8)

[cornflake]

Windows 7 Home Premium 64 bit - Sandboxie 4.17.6 Beta

I am having trouble with copy/paste hyperlinks in Gmail using both Firefox (latest official release) and Internet Explorer. The result of the hyperlink paste is plain text. I have no problem copy/paste hyperlinks in Yahoo Mail.

I rolled back to Sandboxie 4.17.3 Beta and the problem no longer exists. I rolled back to 4.17.3 because I had not previously downloaded 4.17.4 or 4.17.5.

I'm still on 4.17.5 Windows 7 x64 and I do a lot of copy and paste (text only) in and out of sandboxes. I haven't had any problem.

[bjm]

Windows 7 Home Premium 64 bit - Sandboxie 4.17.6 Beta

I am having trouble with copy/paste hyperlinks in Gmail using both Firefox (latest official release) and Internet Explorer. The result of the hyperlink paste is plain text. I have no problem copy/paste hyperlinks in Yahoo Mail.

I rolled back to Sandboxie 4.17.3 Beta and the problem no longer exists. I rolled back to 4.17.3 because I had not previously downloaded 4.17.4 or 4.17.5.

I'm still on 4.17.5 Windows 7 x64 and I do a lot of copy and paste (text only) in and out of sandboxes. I haven't had any problem.

Text only is not an issue. I have copy live link paste as plain text in a Community I frequent. I've confirmed 4.17.6 copy as hyper paste as plain text.
Is Curt aware ....?

[Domochevsky]

Windows 7 Home Premium 64 bit - Sandboxie 4.17.6 Beta

I am having trouble with copy/paste hyperlinks in Gmail using both Firefox (latest official release) and Internet Explorer. The result of the hyperlink paste is plain text. I have no problem copy/paste hyperlinks in Yahoo Mail.

I rolled back to Sandboxie 4.17.3 Beta and the problem no longer exists. I rolled back to 4.17.3 because I had not previously downloaded 4.17.4 or 4.17.5.

I'm still on 4.17.5 Windows 7 x64 and I do a lot of copy and paste (text only) in and out of sandboxes. I haven't had any problem.

Text only is not an issue. I have copy live link paste as plain text in a Community I frequent. I've confirmed 4.17.6 copy as hyper paste as plain text.
Is Curt aware ....?

Additionally, it seems to strip out any data that isn't plain text, even when used inside a single sandbox.
I just noticed this with the latest version .8 and Eclipse, which I have fully sandboxed. I can't copy classes and references to methods, and imports aren't updated either on paste. It's all plain text.
(Plus, Eclipse hangs for a moment on every copy or paste operation, for about 2 sec.)

[Buster]

It is not box_name but FileRootPath where occurs the sporadic problem.
box_name of course dictates FileRootPath where %SANDBOX% is specified.

e.g.
fail FileRootPath=C:\Sandbox\BUCKAROO\0
pass FileRootPath=C:\Sandbox\BUCKAROO\01
pass FileRootPath=C:\Sandbox\BUCKAROO\012
fail FileRootPath=C:\Sandbox\BUCKAROO\0123
fail FileRootPath=C:\Sandbox\BUCKAROO\01234
pass FileRootPath=C:\Sandbox\BUCKAROO\012345
pass FileRootPath=C:\Sandbox\BUCKAROO\0123456

I confirm this bug using this -> http://www.google.com/chrome/eula.html?standalone=1 installer and I can see the pattern in the FileRootPath.

Lets take the example of BUCKAROO, count the length of the path and compute (length modulo 4)

fail FileRootPath=C:\Sandbox\BUCKAROO\0 Length=21 (21 % 4) = 1
pass FileRootPath=C:\Sandbox\BUCKAROO\01 Length=22 (22 % 4) = 2
pass FileRootPath=C:\Sandbox\BUCKAROO\012 Length=23 (23 % 4) = 3
fail FileRootPath=C:\Sandbox\BUCKAROO\0123 Length=24 (24 % 4) = 0
fail FileRootPath=C:\Sandbox\BUCKAROO\01234 Length=25 (25 % 4) = 1
pass FileRootPath=C:\Sandbox\BUCKAROO\012345 Length=26 (26 % 4) = 2
pass FileRootPath=C:\Sandbox\BUCKAROO\0123456 Length=27 (27 % 4) = 3

As you can see the failing FileRootPath are those having a result of 0 or 1 though when Run As UAC Administrator is marked doesn't produce any problem in my end(Windows 8.1 x64)

Is this bug going to be solved before 4.18 goes out?

[BUCKAROO]

Is this bug going to be solved before 4.18 goes out?

Process Exit status =
(-1073740940) C0000374
STATUS_HEAP_CORRUPTION

A C/C++ compiler isn't likely to generate code with alignment problems, so
an undocumented function or internal structure has changed in Windows 8...
one might say, Sandboxie hasn't full and correct support for Windows 8.

Affects: all Sandboxie versions.
Effective workaround: Windows 7.

Now, on the latest Sandbox leak:
It should've been fixed on the spot, but not so much as a sticky-tape fix?
XP's safe and Sbie 3.x is immune. For SOME protection, latest InjectDll...

[bjm]

Hi BUCKAROO
Um, respectfully. Any chance you can explain (dumb down for me) your comment = SBIE does not fully support W8.

Does your comment refer to W8.1.x or simply lack of support for W8.

I follow akong as best I can. SRP in theory.

After theory I'm lost as how SRP and Isolation cross paths.
R U suggesting SBIE Isolation in W8/W8.1.x is not as tight/tuned as in W7....?

[BUCKAROO]

Hi BUCKAROO
Um, respectfully. Any chance you can explain (dumb down) your comment = SBIE does not fully support W8.

My comment there was not meant to imply Sbie in W8+ was weaker. This wasn't the huge matter (of the mentioned leak), but just a glaring bug. Likely a string function passed the incorrect parameters, pinpointing the woes of hooking undocumented Windows internals which are subject to change in minor or major ways with each Windows release or Update. Subtle ways in which things change only become evident later that support for something was incomplete all along. It is a small incompatibility if anything, and good if it is. Fixing it, I maintain, will solve other unexplainable problems, existing and yet to be reported.

I am suggesting incompatibilities manifest as such bugs.

The real fun with Win 10 will be supporting Spartan as it is a metro app. There are a lot of changes in the Win 10 kernel and OS, but we have a top notch reverse engineer slogging through all the assembly code.

It goes without saying that compatibility will be a slowly but gradually increasing thing, and Sbie is closing in on 100% for what it does, to the extent that it does. Expect teething problems come W10.

I follow as best I can. SRP in theory.

SRP is an unrelated thing, I was just helping a guy out; I am not pushing SRP myself. However, since I was in a position to hot-patch the latest leak in Sandboxie, about which I am, we are, being purposely vague, my latest InjectDll does just that but in very slapdash manner. Done with as much insight as the next person and little investigation given to what is the real reason Sandboxed programs can obtain a privileged handle to many unsandboxed processes.

[bjm]

Hi BUCKAROO

RE: SRP
Just realized I wrote "I follow..."

LOL ~ I meant. I try to understand not that I employ SRP

Sorry, my bad choice of words.

Thanks again.

[Curt@invincea]

4.18 is now available.

http://forums.sandboxie.com/phpBB3/view ... =2&t=21204

[cornflake]

4.28 is now available.

http://forums.sandboxie.com/phpBB3/view ... =2&t=21204

You mean 4.18 I'm sure. Two questions:

Is the InjectDll issue discussed earlier in this thread a security vulnerability and are there any vulnerabilities that you are aware of that are not fixed in 4.18?

I'm still using 4.17.5. I've been keeping a close eye on my copy and paste since some other people reported problems with it. I recently copied some text from the command console to notepad (neither sandboxed) and I noticed the text I copied had all forward slashes stripped out of it. It was really weird and I know I wasn't using sandboxie for either program (I may have switched to a sandboxed program in between the copy and the paste) but I wonder if that could in any way be related to sandboxie, specifically are you aware of something in sandboxie that strips forward slashes / out of clipboard text, like a sanitizer?

Thanks

[Buster]

Is this bug going to be solved before 4.18 goes out?

Process Exit status =
(-1073740940) C0000374
STATUS_HEAP_CORRUPTION

A C/C++ compiler isn't likely to generate code with alignment problems, so
an undocumented function or internal structure has changed in Windows 8...
one might say, Sandboxie hasn't full and correct support for Windows 8.

Affects: all Sandboxie versions.
Effective workaround: Windows 7.

Why this bug report has not received a single comment since it was reported even when it has been confirmed?

[Curt@invincea]

4.28 is now available.

http://forums.sandboxie.com/phpBB3/view ... =2&t=21204

You mean 4.18 I'm sure. Two questions:

Is the InjectDll issue discussed earlier in this thread a security vulnerability and are there any vulnerabilities that you are aware of that are not fixed in 4.18?

I'm still using 4.17.5. I've been keeping a close eye on my copy and paste since some other people reported problems with it. I recently copied some text from the command console to notepad (neither sandboxed) and I noticed the text I copied had all forward slashes stripped out of it. It was really weird and I know I wasn't using sandboxie for either program (I may have switched to a sandboxed program in between the copy and the paste) but I wonder if that could in any way be related to sandboxie, specifically are you aware of something in sandboxie that strips forward slashes / out of clipboard text, like a sanitizer?

Thanks

The InjectDll issue has not been addressed yet. That is next on my task list.

I have resolved many of the clipboard issues, though there will probably be more. The old clipboard code was making assumptions about the type of data being copied. We eventually ran into a situation where this caused SbieSvc to crash (STATUS_HEAP_CORRUPTION). It didn't happen often, but having SbieSvc crash is not good. Unfortunately, applications can and do make their own type of clipboard data formats. Each of these will have to be examined by us individually to determine how to handle them in SbieSvc.

[cornflake]

4.28 is now available.

http://forums.sandboxie.com/phpBB3/view ... =2&t=21204

You mean 4.18 I'm sure. Two questions:

Is the InjectDll issue discussed earlier in this thread a security vulnerability and are there any vulnerabilities that you are aware of that are not fixed in 4.18?

I'm still using 4.17.5. I've been keeping a close eye on my copy and paste since some other people reported problems with it. I recently copied some text from the command console to notepad (neither sandboxed) and I noticed the text I copied had all forward slashes stripped out of it. It was really weird and I know I wasn't using sandboxie for either program (I may have switched to a sandboxed program in between the copy and the paste) but I wonder if that could in any way be related to sandboxie, specifically are you aware of something in sandboxie that strips forward slashes / out of clipboard text, like a sanitizer?

Thanks

The InjectDll issue has not been addressed yet. That is next on my task list.

I have resolved many of the clipboard issues, though there will probably be more. The old clipboard code was making assumptions about the type of data being copied. We eventually ran into a situation where this caused SbieSvc to crash. It didn't happen often, but having SbieSvc crash is not good. Unfortunately, applications can and do make their own type of clipboard data formats. Each of these will have to be examined by us individually to determine how to handle them in SbieSvc.

Thanks for the quick reply. I need the integrity of the clipboard at all costs. For example that text I copied from the command console was a private key in base64. It was missing all the forward slashes. That was really serious for me. Luckily I still had the open console. I copied again and no problem. I don't want to be an irritant but back to my question, is/was there something in sandboxie that can strip forward slashes out of text? I'd much prefer it until the clipboard issue is resolved that no copy take place or even fill it a short message saying the copy failed. What I cannot have is data that looks like the real data but isn't. This again assuming my problem has something to do with sandboxie, but I don't know. I will be sure to upgrade to 4.18 as soon as I can.

Also: Any advice on mitigating the InjectDll issue? Is there any workaround?

[BUCKAROO]

Also: Any advice on mitigating the InjectDll issue? Is there any workaround?

My latest InjectDll is the one and only, temporary, plug for the 4.x hole, currently, and forever the only way to mitigate the handle acquisition leak for Sandboxie versions that date prior to an official fix. I wouldn't bring it up otherwise.

[cornflake]

Also: Any advice on mitigating the InjectDll issue? Is there any workaround?

My latest InjectDll is the one and only, temporary, plug for the 4.x hole, currently, and forever the only way to mitigate the handle acquisition leak for Sandboxie versions that date prior to an official fix. I wouldn't bring it up otherwise.

Thanks for working on it. Is there a simple description of the hole somewhere? I found the thread hard to follow.