Page 1 of 1
(un)sandboxing of already running applications
Posted: Mon Dec 25, 2006 5:08 am
by OwenBurnett
I dont know how complicated it would be but
I would like the abbility to can sandbox an program allready loaded outside the sandbox.
And the ability to move an sandboxed application outside the sandbox
without having to restart it.
Owen
Posted: Tue Dec 26, 2006 5:09 pm
by tzuk
The first request, apply sandboxing to an active process is so difficult, I'm not sure it's even possible. But even if it is, it's still a lot of work.
The same applies to the second request, unless we simplify it:
It should be possible to stop applying sandboxing rules to new objects as they are accessed, so then you end up with a "half sandboxed" (or maybe "mostly sandboxed") running program.
But the objects that are already in-use stay in the sandbox, so I don't see how this way of stopping sandbox, is any good at all.
Posted: Wed Dec 27, 2006 4:36 am
by OwenBurnett
I have expected somethink like this,
but I think for booth requests it would be sufficient to apply it only to new created file/registry handles,
how would it work for Pipes and such objects?
Owen
Posted: Sat Dec 30, 2006 2:08 pm
by Guest
I'm sure unboxing will crash many applications.
An item is created in the sandbox, then the app is unboxed and tries to access this item again... Sandboxie has to make sure the right version of this item is accessed then.