Two requests - Integrity levels and Java

[HungryMan]

Two separate requests

1) Would it be possible to have the sandboxed programs run at Low Integrity by default/ with an option.

If the entire sandbox is set to low integrity this should have no effect on compatibility. It only changes things when an item leaves the sandbox in the instance of a breakout.


2) It would be nice if I could sandbox Java without sandboxing Chrome. Currently this crashes the browser and Java. I don't want Chrome sandboxed, I trust Chrome's security as is and I don't really want to stack anything onto it and needlessly increase attack surface/ possibly cause incompatibilities with the security built in.

[is_m00nbl00d]

Regarding the low integrity level feature, I believe Didier Stevens brought it to discussion in past, and Tzuk's answer was no. Didier Stevens was suppose to provide a "Contributed Utility", but I've never seen it in that section. Maybe it's there and I just missed it.

Anyway, I hope my memory isn't playing any tricks with me.

[HungryMan]

Eh, that's alright. Low integrity is nice but it's not really a priority and if people enabled it without thinking they'd screw up compatibility.

The Java thing would still be nice. I don't want Chrome in a Sandbox but I'd like Java in one.

[Scale]

Eh, that's alright. Low integrity is nice but it's not really a priority and if people enabled it without thinking they'd screw up compatibility.

The Java thing would still be nice. I don't want Chrome in a Sandbox but I'd like Java in one.

Maybe i am incorrect, but can't you add java.exe and javaw.exe to the forced programs but not chrome?
Your might have to open certain communication channels to allow it to interact with chrome though.