Sandboxie Support

Support Forum for Sandboxie
https://forums.sandboxie.com/phpBB3/

low integrity level

https://forums.sandboxie.com/phpBB3/viewtopic.php?f=4&t=10657

Page 1 of 1

low integrity level

Posted: Sat Jun 04, 2011 3:38 am
by blasev
additional on the dropright feature
so a user can choose to use low integrity level instead of medium integrity (if UAC is tuned On)

Posted: Sat Jun 04, 2011 10:43 am
by tzuk
No, that can't work. Low integrity level means a program can't access anything and is supposed to be designed so another process does the "sensitive" stuff on its behalf. For example, a low integrity IE tab process uses the medium integrity IE main process.

Posted: Sat Jun 04, 2011 11:07 am
by _is_m00nbl00d
tzuk wrote:No, that can't work. Low integrity level means a program can't access anything and is supposed to be designed so another process does the "sensitive" stuff on its behalf. For example, a low integrity IE tab process uses the medium integrity IE main process.
Perhaps there could be a way to manage that.

I run Chromium with an explicit low integrity level. That is, both the broker and children processes run with a low integrity level. It's possible to use it as normal, one just needs to set certain places to a low integrity level as well, so that we can download files, for example.

But, that aside, even if I just set Chromium to a low integrity level only, and nothing else, by running Chromium inside Sandboxie, I can download, etc just fine. Sandboxie functions as the broker "process" (medium integrity).

Perhaps you could work something around that?

Posted: Sat Jun 04, 2011 12:46 pm
by tzuk
I don't have any plans to add this feature into Sandboxie at this time.

But since you say that you can start Chrome in the sandbox with low integrity, then I'm not sure why you need Sandboxie to address this issue in some way.

However, if you explain here how to start programs in the sandbox with low integrity, and if some months from now, enough people report that they've been regularly using this and not seeing any problems with most programs, then I might add something like this similar to Drop Rights.

Posted: Sat Jun 04, 2011 12:54 pm
by _is_m00nbl00d
tzuk wrote:[...]
But since you say that you can start Chrome in the sandbox with low integrity, then I'm not sure why you need Sandboxie to address this issue in some way.[...]
Oh, I don't need Sandboxie to do that. I can do it on my own. ;D

I just thought of mentioning it, due to Blasev's request. Nothing else, really. :)

Posted: Wed Jun 08, 2011 12:32 pm
by blasev
Thx for the straight answer tzuk

I was thingking that I can use other internet browser with low integrity to add another layer of protection. But it seem it won't be necessary for now
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/