Important security improvement

Ideas for enhancements to the software
LittleBiG


Post by LittleBiG » Wed Sep 12, 2007 9:07 am

There is a big security problem in Sandboxie now. If I go into the sandbox directly (sandboxes directory), I can run the program out of the sandbox. It may happen by chance. If there is a virus in it, it activates and infects the computer.

This would be better:
If I ran anything in the sandbox directory, it would run in the sandbox (even if I ran it from a non-sandboxed Windows Explorer). If it was a non-runnable file, the associated program would run in the sandbox. So sandboxed files cannot harm the real system.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Sep 12, 2007 11:03 am

I beg to differ: Not everything can be slapped with the "security problem" label. This is no more a security problem than if you copied the suspicious document file to C:\ and then opened it there.

Fixing this involves creating a new component that integrates into the Windows shell, and monitors document files as they open. To tell you the truth, personally I don't like programs that integrate into the shell, so I'm not excited about creating one.

Probably the best way to avoid this is to make a habit of using right-click "Run Sandboxed" to open suspicious programs and documents, even when you're exploring the sandbox.
tzuk

LittleBiG

Post by LittleBiG » Wed Sep 12, 2007 4:13 pm

Sorry, I didn't want to affront you. I think if a program is made for security reasons and there is an (easy or hard) way to get around it, it is a security problem. But in this situation you probably didn't want an isolated sandbox. Only a temporary place for files, where the user can delete or recover files. Nothing less and nothing more.

I don't know the code of Sandboxie, but I think you're wrong. There's no need to write a new component. As your program supervises an exe file (for example "firefox.exe") and forces it to run in the sandbox, you can supervise the path too ("C:\Program Files\Mozilla"), for example by a new setting called ForcedFilePath in the ini file. And the path may be the sandbox path also. All executables on that path would be forced to run in the sandbox.

Forget my first opinion about non-runnable files. There's no need to force them into the sandbox.

Kind regards, LittleBiG
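
Added example (not part of the original thread and not Sandboxie's code): a Python sketch of the path check that the proposed ForcedFilePath setting implies, including the case where the forced folder is the sandbox folder itself. The rule table, the box names and the C:\Sandbox\DefaultBox path are constructed for illustration, and the comparison is lexical only.

```python
import ntpath  # Windows path rules on any OS, so the example runs offline

# Constructed rule table: (sandbox name, forced folder). Names and paths are
# illustrative; ForcedFilePath is the setting name proposed in the thread.
RULES = [
    ("InternetBox", r"C:\Program Files\Internet"),
    ("TorrentBox", r"C:\Program Files\Internet\Torrents"),
    ("DefaultBox", r"C:\Sandbox\DefaultBox"),  # the sandbox folder itself
]


def canon(path):
    """Collapse '.' and '..', unify separators, drop trailing separator, fold case."""
    return ntpath.normcase(ntpath.normpath(path))


def forced_box(exe_path, rules=RULES):
    """Return the sandbox an executable must start in, or None.

    Lexical check only: a real implementation would first resolve 8.3 short
    names, junctions and symlinks to the final path before comparing.
    """
    if not ntpath.isabs(exe_path):
        return None  # refuse to guess what a relative path is relative to
    exe = canon(exe_path)
    best = None
    for box, folder in rules:
        root = canon(folder)
        # Compare against "root\" so that ...\Internet2 does not match
        # a rule for ...\Internet (plain startswith(root) would).
        prefix = root if root.endswith("\\") else root + "\\"
        if exe.startswith(prefix) and (best is None or len(root) > len(best[1])):
            best = (box, root)  # most specific (longest) folder wins
    return best[0] if best else None


if __name__ == "__main__":
    for p in (r"C:\Program Files\Internet\Firefox\firefox.exe",
              r"c:/program files/internet/torrents/client.exe",
              r"C:\Program Files\Internet2\tool.exe",
              r"C:\Program Files\Internet\..\Office\winword.exe",
              r"C:\Sandbox\DefaultBox\drive\C\calc.exe"):
        print(f"{p!r:60} -> {forced_box(p)}")
```
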

dlguild
Posts: 230
Joined: Sat Apr 21, 2007 8:30 pm
Location: Pennsylvania

Post by dlguild » Wed Sep 12, 2007 5:41 pm

LittleBiG, perhaps a point of clarification is in order. As long as the sandbox is still active, when you browse to and run an executable found in the sandbox it will run sandboxed in my experience, even if you browse to it unsandboxed. If however you close the sandboxed application and leave the files in the box, then run an executable contained therein, it will not be sandboxed.

For example, sandbox your browser and leave it running. Copy calc.exe or notepad.exe or something into the sandbox from explorer unsandboxed. Now execute it from outside the sandbox. You will see that it is sandboxed. Close the browser and run again and it will not be sandboxed. At least that is the way it works on my setup.

To me the request is a bit like asking anti-virus software to catch viruses even when you have it turned off (OK not quite the same).
Dan

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Thu Sep 13, 2007 3:57 am

It's not really a security error, it's more of a user error. See, a sandboxed process would not be able to open the sandbox in an unsandboxed Explorer and then execute itself unsandboxed; only you can open the sandbox in an unsandboxed Explorer and then execute the file in question. So it's really more of a user fault in my opinion, but yeah, I can see where you're coming from though.
Windows 7 SP1 x64, Sandboxie v3.70 x64 with Experimental Protection, GnuPG, OTR (Off-The-Record), Sticky Password, My Brain.

Guest

Post by Guest » Thu Sep 13, 2007 4:25 am

dlguild wrote: LittleBiG, perhaps a point of clarification is in order. As long as the sandbox is still active, when you browse to and run an executable found in the sandbox it will run sandboxed in my experience, even if you browse to it unsandboxed. If however you close the sandboxed application and leave the files in the box, then run an executable contained therein, it will not be sandboxed.
I have tried it and I realize you're right.
dlguild wrote: For example, sandbox your browser and leave it running. Copy calc.exe or notepad.exe or something into the sandbox from explorer unsandboxed. Now execute it from outside the sandbox. You will see that it is sandboxed. Close the browser and run again and it will not be sandboxed. At least that is the way it works on my setup.
You're very right, too!! And it will run in the correct sandbox also. It means the feature I suggested is almost ready. It only needs to be extended to work when there is no sandboxed process.
dlguild wrote: To me the request is a bit like asking anti-virus software to catch viruses even when you have it turned off (OK not quite the same).
I agree it is not the same. Because I don't turn off the Sandboxie service, only a process in it.

LittleBiG

Post by LittleBiG » Thu Sep 13, 2007 5:04 am

Tzuk and SnDPhoenix: OK, ok. I admit I did draw the long bow with "security problem". As I said, Sandboxie doesn't want to look like more than it is.

Tzuk: I want to know your opinion about the ForcedFilePath setting. Is it a stupid idea? Or is it hard to implement? It will be so comfortable: I write a setting "C:\ForcedFilePath=C:\Program Files\Internet", and I install all my internet or harmful programs there (for example browsers, torrents, chat programs etc.). And I don't need to specify all the exe files one by one.

And if I want to protect myself from running files in the sandbox unsandboxed by chance, I have to keep a small process running in the sandbox permanently. It is not too comfortable but may work.

(The previous guest was me too, but I forgot to write my name.)

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Sep 13, 2007 10:18 am

dlguild wrote: LittleBiG, perhaps a point of clarification is in order. As long as the sandbox is still active, when you browse to and run an executable found in the sandbox it will run sandboxed in my experience, even if you browse to it unsandboxed. If however you close the sandboxed application and leave the files in the box, then run an executable contained therein, it will not be sandboxed.
LittleBiG (?) wrote: You're very right, too!! And it will run in the correct sandbox also. It means the feature I suggested is almost ready. It only needs to be extended to work when there is no sandboxed process.
LittleBiG wrote: And if I want to protect myself from running files in the sandbox unsandboxed by chance, I have to keep a small process running in the sandbox permanently. It is not too comfortable but may work.
What are you guys talking about? If I start an EXE file from a sandbox folder, it always starts sandboxed in the corresponding sandbox. It doesn't care if that corresponding sandbox is already running something or not. Which is exactly as I designed Sandboxie.
LittleBiG wrote: I want to know your opinion about the ForcedFilePath setting. Is it a stupid idea? Or is it hard to implement?
It's a nice idea, was already made as a feature request a while ago. I agreed to do it, and I will do it. But there are some things I consider more important.
tzuk

dlguild
Posts: 230
Joined: Sat Apr 21, 2007 8:30 pm
Location: Pennsylvania

Post by dlguild » Thu Sep 13, 2007 12:39 pm

tzuk wrote: What are you guys talking about? If I start an EXE file from a sandbox folder, it always starts sandboxed in the corresponding sandbox. It doesn't care if that corresponding sandbox is already running something or not. Which is exactly as I designed Sandboxie.
Sorry Tzuk, you are right. I had a configuration error in my [TestBox] which apparently was affecting the behavior. I keep forgetting that some settings are boolean in nature. It's now working as expected in v21.
Dan

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Sep 13, 2007 6:58 pm

Oh, ok, great, I was hoping it would turn out alright and we wouldn't have to figure out the inconsistent behavior.
tzuk
