Page 1 of 1

[.04] XP SP3, Drop Rights/Forced programs issue

Posted: Tue Mar 12, 2013 1:21 pm
by bo.elam
Hi tzuk, I noticed since the first beta for version 4 that the only way to get Forced programs to work in my XP SP3 is to disable Drop rights. If Drop rights is enabled, I get SBIE message 2203.

Thanks

Bo

Posted: Tue Mar 12, 2013 3:20 pm
by DR_LaRRY_PEpPeR
Drop Rights doesn't even do anything anyway, at least for file/reg. permissions (as far as Denying the Administrators group). Although it must change things in other ways, since it breaks/freezes stuff trying to connect to the Interent (crashing SbieSvc), causes total denial-of-service in certain circumstances (run Process Explorer sandboxed) that can only be fixed by restarting the computer, etc.

Did you try Forced Programs with Drop Rights on something that does NOT try to connect to the Internet? (I didn't.) Also, I believe you'll get the same 2203 message (I think that's what it was, after SbieSvc crashes) with Drop Rights if you manually do Run Sandboxed (e.g. not forced)...


I don't know if this stuff is just on XP (I've done very limited testing on 64-bit 7), but I can't believe the people that are using it "for real" and say that everything works like before... :shock: :? I think I'm going to try to work around the issues (if I'm not forgetting anything) and try to carefully run it "in production" soon (on XP of course) to evaluate further, like my sandboxed Firefox+EMET issues.

Dropping rights with SRP seems to work fine when launching Forced sandboxed programs (not via Run Sandboxed though), so that should still allow me to have dropped rights I guess, if there's not something else being missed by not enabling it in SBIE. It seems to be equivalent in 3.x.

Posted: Tue Mar 12, 2013 3:43 pm
by bo.elam
Hi Larry, about if I tried Forced Programs with Drop Rights on something that does NOT try to connect to the Internet, yes, I tried most programs that I sandbox and force, including some that I don't allow to connect: KMPlayer, WMP, Foxit, Word and Excel. I don't allow internet on any of their respective sandboxes and they all gave me message 2203 when I close the sandbox. In my case, all programs give me the message. If I don't enable Drop rights, all programs work well as forced except Excel and Word.

About whether this issue exist on other systems, I can tell you that up to beta .02, on my W7 32 bits, I did not experience this issue. There were other issues but I haven't tried .03 on it yet to see if its better now.

Bo

Posted: Wed Mar 13, 2013 5:49 pm
by tzuk
I fixed this problem and this will be corrected in the next beta I release. Apologize about the inconvenience. This was caused due to some special handling for Drop Rights on Vista and later, which was incorrectly applied on XP as well. So just a minor bug, not related to the effect that Drop Rights has on security.

There was a similar problem report here:
http://www.sandboxie.com/phpbb/viewtopic.php?t=14826

Posted: Wed Mar 13, 2013 9:49 pm
by bo.elam
Nice, thanks.

Bo

Posted: Mon Mar 18, 2013 12:27 pm
by tzuk
Related topic:
http://www.sandboxie.com/phpbb/viewtopic.php?t=14826

Fixed in version 4.01.04.

Posted: Tue Mar 19, 2013 12:05 am
by bo.elam
Yes, its fixed for all programs in my computer except Excel and Word.

When I click a Word or Excel file, this is what I see for either program:

Image

I ll use Word as an example. Sandboxie doesn't give messages when I click on a Word file, Word runs in the sandbox. The funny thing is that if I navigate to a Word file (File>Open) from the UI in the picture, the file runs sandboxed in the Office sandbox and it gets displayed as it should.

So, I think, Word and Excel are working forced somewhat but something is keeping the file from being displayed properly when it is a forced program. XP SP3 32Bits. Microsoft Office Professional Edition 2003.

Tzuk, this version feels great, no messages from SBIE whatsoever.:)

Bo