Encrypted PGP Disk volume not protected by default
Posted: Tue Jan 16, 2007 11:53 am
I'm using an encrypted PGP Disk volume mountet as drive T:
notepad.exe running sandboxed is nevertheless able creating, deleting and editing files permantly on drive T: - breakthrough Sandboxie
Online help gives an example for an solution for another product "TrueCrypt":
[GlobalSettings]
HarddiskVolume=\Device\TrueCryptVolumeT
HarddiskVolume=T:
In my case I looked in the device manager and found a device named PGPdisk and added this line to my Sandboxie.ini.
HarddiskVolume=\Device\PGPdisk,asis
Now my PGP volume T: is protected and can't be modified by sandboxed programs.
Question:
I found many other devives listed in the device manager - which I do not exactly know . Example: ASPI32, FileDisk, mountmgr, pagedfrg, ...
Are these all possible security holes ?
Maybe there exists an device that can access the computer file system, or the disk at low level - and a sandboxed Programm will establish an connection to this device (that resides outside the sandbox) and then use this device to modify something outside the sandbox ? Maybe the topic "Paragon Partition Manager breakthrough Sandboxie" is the same problem - a device installed outside the sandbox is contacted from inside the sandbox ?
It it possible permitting all direct device access inside the sandbox, so that an encrypted PGP Disk volume and other products are protected by default ?
notepad.exe running sandboxed is nevertheless able creating, deleting and editing files permantly on drive T: - breakthrough Sandboxie
Online help gives an example for an solution for another product "TrueCrypt":
[GlobalSettings]
HarddiskVolume=\Device\TrueCryptVolumeT
HarddiskVolume=T:
In my case I looked in the device manager and found a device named PGPdisk and added this line to my Sandboxie.ini.
HarddiskVolume=\Device\PGPdisk,asis
Now my PGP volume T: is protected and can't be modified by sandboxed programs.
Question:
I found many other devives listed in the device manager - which I do not exactly know . Example: ASPI32, FileDisk, mountmgr, pagedfrg, ...
Are these all possible security holes ?
Maybe there exists an device that can access the computer file system, or the disk at low level - and a sandboxed Programm will establish an connection to this device (that resides outside the sandbox) and then use this device to modify something outside the sandbox ? Maybe the topic "Paragon Partition Manager breakthrough Sandboxie" is the same problem - a device installed outside the sandbox is contacted from inside the sandbox ?
It it possible permitting all direct device access inside the sandbox, so that an encrypted PGP Disk volume and other products are protected by default ?