Page 1 of 1
Hard links don't work
Posted: Thu May 21, 2015 10:38 pm
by benrg
The 4.16 change log says "A security problem reported by a user has been fixed: hard links could be created outside the sandbox. CreateHardLink API is now blocked."
This is not a fix, it's a serious loss of functionality. Software does actually use this API. One example of probably many: pip (the Python package installer) no longer works in a sandbox because it uses CreateHardLink for file locking.
The Git for Windows install now takes 250 MB inside a sandbox, instead of the advertised 100 MB, because the ~100 hardlinked copies of git.exe (git-add.exe, git-annotate.exe, etc.) become actual copies instead.
Please fix this properly, by blocking hardlinks outside the sandbox but permitting hardlinks that stay inside it.
Re: Hard links don't work
Posted: Fri May 22, 2015 1:02 am
by benrg
Did hard links never work correctly? I downgraded to 4.14 and I can create links outside the sandbox (breaking the sandboxing) but still can't create them inside.
In any case, please fix this. I think it's a simple fix: ensure that the source file is inside the sandbox (copying it if appropriate - the same logic as opening a file for writing), and map the target path into the sandbox. I think the bug in 4.14 and earlier was just that it didn't translate the target path.
Re: Hard links don't work
Posted: Fri May 22, 2015 11:35 am
by Curt@invincea
No, they never worked correctly. Hardlinks were going right out of the sandbox. And unfortunately, it is not a simple fix. We will consider this for a future release.
I am interested in knowing how many people are running into issues with hardlinks. This is the 1st report we've had.
Re: Hard links don't work
Posted: Fri May 22, 2015 8:55 pm
by btm
I've tried using hardlinks in the past, usually for putting specific game files onto a ramdisk temporarily but never got it to work with SBIE so I dealt with the extra lag instead. (This specific scenario was related to Diablo III back when I still played it on a hardcore server and loading lag could be a huge disaster!) I would like to see hardlinks being usable but protected, yet again just like the deletion thread, it's not on
my priority list atm.
I'd prefer to see some real bugs being resolved first but if numbers are any evidence, I'm currently the only one who wants
forced programs on XP checked and the runas
sandbox deletion bug fixed.
Re: Hard links don't work
Posted: Sun May 24, 2015 7:49 pm
by benrg
Curt@invincea wrote:And unfortunately, it is not a simple fix.
Can you explain why? What goes wrong with the fix I suggested?
btm wrote:I've tried using hardlinks in the past, usually for putting specific game files onto a ramdisk temporarily
Are you sure you aren't thinking of directory junctions or symlinks? Hard links can't cross volume boundaries.