The 4.16 change log says "A security problem reported by a user has been fixed: hard links could be created outside the sandbox. CreateHardLink API is now blocked."
This is not a fix, it's a serious loss of functionality. Software does actually use this API. One example of probably many: pip (the Python package installer) no longer works in a sandbox because it uses CreateHardLink for file locking.
The Git for Windows install now takes 250 MB inside a sandbox, instead of the advertised 100 MB, because the ~100 hardlinked copies of git.exe (git-add.exe, git-annotate.exe, etc.) become actual copies instead.
Please fix this properly, by blocking hardlinks outside the sandbox but permitting hardlinks that stay inside it.
Hard links don't work
Moderator: Barb@Invincea
Re: Hard links don't work
Did hard links never work correctly? I downgraded to 4.14 and I can create links outside the sandbox (breaking the sandboxing) but still can't create them inside.
In any case, please fix this. I think it's a simple fix: ensure that the source file is inside the sandbox (copying it if appropriate - the same logic as opening a file for writing), and map the target path into the sandbox. I think the bug in 4.14 and earlier was just that it didn't translate the target path.
In any case, please fix this. I think it's a simple fix: ensure that the source file is inside the sandbox (copying it if appropriate - the same logic as opening a file for writing), and map the target path into the sandbox. I think the bug in 4.14 and earlier was just that it didn't translate the target path.
-
Curt@invincea
- Sandboxie Lead Developer
- Posts: 1638
- Joined: Fri Jan 17, 2014 5:21 pm
- Contact:
Re: Hard links don't work
No, they never worked correctly. Hardlinks were going right out of the sandbox. And unfortunately, it is not a simple fix. We will consider this for a future release.
I am interested in knowing how many people are running into issues with hardlinks. This is the 1st report we've had.
I am interested in knowing how many people are running into issues with hardlinks. This is the 1st report we've had.
Last edited by Curt@invincea on Fri May 22, 2015 4:32 pm, edited 1 time in total.
Reason: more info
Reason: more info
Re: Hard links don't work
I've tried using hardlinks in the past, usually for putting specific game files onto a ramdisk temporarily but never got it to work with SBIE so I dealt with the extra lag instead. (This specific scenario was related to Diablo III back when I still played it on a hardcore server and loading lag could be a huge disaster!) I would like to see hardlinks being usable but protected, yet again just like the deletion thread, it's not on my priority list atm.
I'd prefer to see some real bugs being resolved first but if numbers are any evidence, I'm currently the only one who wants forced programs on XP checked and the runas sandbox deletion bug fixed.
I'd prefer to see some real bugs being resolved first but if numbers are any evidence, I'm currently the only one who wants forced programs on XP checked and the runas sandbox deletion bug fixed.
This account has been abandoned. If you need to PM me, please send a message to Syrinx.
Re: Hard links don't work
Can you explain why? What goes wrong with the fix I suggested?Curt@invincea wrote:And unfortunately, it is not a simple fix.
Are you sure you aren't thinking of directory junctions or symlinks? Hard links can't cross volume boundaries.btm wrote:I've tried using hardlinks in the past, usually for putting specific game files onto a ramdisk temporarily
Who is online
Users browsing this forum: No registered users and 0 guests
