[.06] Links clicked in unsandboxed programs open two instanc

Moderator: Barb@Invincea

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Fri Apr 26, 2013 11:42 am

Sandboxie 4.01.06 beta
Win 7 SP1 x64

If Firefox 20.0.1 is running sandboxed and I click a hyperlink in an unsandboxed program, like Thunderbird, two unsandboxed instances of Firefox launch with the link opened in it. The link does not open in the sandboxed version of Firefox.

Guest10
Posts: 5124
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Fri Apr 26, 2013 8:37 pm

In Sandboxie 3.76 there was a workaround that could allow an unsandboxed program to open a tab in a running instance of sandboxed Firefox, but that workaround does not work in 4.01.
I don't see why you would have 2 unsandboxed instances of Firefox open, though.
If that happens when running Firefox unsandboxed, you might try deleting the sessionstore.js and sessionstore.bak files in the Firefox profile folder, then restarting Firefox unsandboxed.
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Thu May 02, 2013 10:08 am

I was using the .reg workaround tzuk mentioned here, with the addition of changing permissions on those registry keys, to stop Firefox from changing those registry keys every time it started (which undid the fix). Without the permissions change, the .reg solution did not work.

This was working fine for me in 3.x, but with 4.x betas this is no longer working. I tried Mike's workaround here, and while that allows unsandboxed programs to open links in sandboxed Firefox, it has a couple of problems:

1) I can no longer open an unsandboxed version of Firefox when a sandboxed version is already open.
2) If I click on a URL in KeePass password manager, the link opens in sandboxed Firefox fine, but KeePass displays an error dialog saying "An error occurred in sending the command to the application."

Any ideas why the previous .reg fix with my additional permissions modification no longer works with 4.x betas ?

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Thu May 16, 2013 11:42 am

My mistake - I wasn't using tzuk's .reg workaround, but was using a similar workaround which made the same changes but to different keys:

HKEY_CURRENT_USER\Software\Classes\FirefoxHTML\shell\open\ddeexec
HKEY_CURRENT_USER\Software\Classes\FirefoxURL\shell\open\ddeexec

I then changed permissions for these keys (and subkeys), for the standard user account that Firefox runs under when running in the sandbox, to Deny "Set Value" and "Delete". All other permissions were left the same (ie. Effective permissions on these keys for standard user account were Full control, apart from these two which were denied). This stopped Firefox from deleting the relevant keys on startup. NOTE: As you can't change permissions from the standard user account, you have to run regedit as admin, and then determine which key under HKEY_USERS corresponds to the standard user account. If you have one admin account and one standard user account, you should probably have two keys which look like S-1-5-21-NNNNNNNNN-NNNNNNNNN-NNNNNNNNNN-NNNNN (where N are different digits) - one of these is for the admin account and the other for the standard user account. When you find out which one mirrors the standard user account, just make the changes to the above two keys (but substituting HKEY_CURRENT_USER with HKEY_USERS\S-1-5-21-NNNNNNNNN-NNNNNNNNN-NNNNNNNNNN-NNNNN)

My solution above with the permissions was preferable to Mike's as there were no side-effects.

One of the problems with Sandboxie 4.01.xx betas is that sandboxed Firefox no longer runs under standard user account, but instead runs under the user account, "NT AUTHORITY\ANONYMOUS LOGON". I'm guessing that this means Firefox is using different registry path to the above two keys, but I haven't been able to work out what they are.

If I can find out which keys relate to "NT AUTHORITY\ANONYMOUS LOGON", I'm hopeful that the same trick may work with Sandboxie 4.01.xx betas
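The permission change described in the post above can be scripted instead of done by hand in regedit. The following PowerShell is an added example, not part of the original thread or Sandboxie's own tooling; the account name `standarduser` is a placeholder, and it assumes an elevated prompt with the target user logged on so that their hive is present under HKEY_USERS.

```powershell
# Added example: run from an elevated PowerShell prompt.
# 'standarduser' is a hypothetical account name; replace it with the real one.
$account = 'standarduser'

# Resolve the account to its SID instead of guessing among the S-1-5-21-... keys.
$sid = ([System.Security.Principal.NTAccount]$account).Translate(
    [System.Security.Principal.SecurityIdentifier])

# The two keys named in the post, addressed through HKEY_USERS\<SID>.
$keys = 'FirefoxHTML', 'FirefoxURL' | ForEach-Object {
    "Registry::HKEY_USERS\$($sid.Value)\Software\Classes\$_\shell\open\ddeexec"
}

# Deny only "Set Value" and "Delete", inherited by subkeys.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, Delete'
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $sid, $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        # The hive is only present under HKEY_USERS while the user is logged on.
        Write-Warning "Key not found (is the user logged on?): $key"
        continue
    }
    $acl = Get-Acl -LiteralPath $key
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $key -AclObject $acl

    # Show the resulting Deny entries so the change can be verified.
    (Get-Acl -LiteralPath $key).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Format-Table IdentityReference, RegistryRights, IsInherited -AutoSize
}
```

To undo the change, call `$acl.RemoveAccessRule($rule)` on each key's ACL and write it back with `Set-Acl`.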

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Fri Jan 24, 2014 9:07 am

My fix ended up working perfectly on Win 7 x64 SP1 once tzuk had made some further changes to DDE in the SB 4 release. However, I've been testing out Windows 8.1 and my fix no longer works. Even when using an older version of Firefox (eg. 3, 10, 13), I am unable to get links outside the sandbox to open within the sandbox, unless I use the fix provided by Mike (which isn't ideal as it has a couple of downsides).

For anyone on Windows 8.1 (or possibly 8 ), has anyone managed to get links outside the sandbox to open within a sandboxied Firefox (even old versions of FF) without using Mike's fix ?

If not, could the new devs look into this again as I'd like to get the old behaviour back.

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Fri Jan 24, 2014 7:54 pm

Just confirmed that Windows 8.1 (and possibly 8 ) have affected the changes (work arounds) made to Sandboxie 4 (after 4.02 I believe) to get DDE working on Win 7 x64 SP1.

I installed fresh Windows 7 x64, Thunderbird, Firefox 4, Sandboxie 4.08, and clicking on URL in Thunderbird opened it in running Sandboxied Firefox 4. I was also able to open a non-sandboxed Firefox at the same time, and external links would still open in sandboxied FF (essentially it would open in whatever FF was launched first).

I then upgraded to Firefox 27 beta 7 and the installer broke the DDE, but after applying my fixes everything was working fine, as above.

After that I installed fresh Windows 8.1 x64 and did the same as above, and even with Firefox 4, the DDE was broken and external links opened in a new unsandboxed instance of Firefox, instead of the already running sandboxied FF. After installing Firefox 27 beta 7 and applying my fixes, the same happened, but this time two instances of an unsandboxied Firefox were launched with the external link.

Can you fix/change Sandboxie so DDE works again on Win 8.1, like it does on Win 7 x64 ?

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Fri Feb 21, 2014 5:22 pm

Not fixed in 4.09.01 beta

joohwan@invincea
Posts: 87
Joined: Mon Feb 10, 2014 4:33 pm

Post by joohwan@invincea » Fri Feb 21, 2014 7:07 pm

Hi barny,

Looks like the Security Identifier (sid) for Anonymous is S-1-5-7, here's an article that lists out well known sids: http://support.microsoft.com/kb/243330.

Hope that helps...


BTW, I'll be trying out the reg fix myself on Monday...

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Fri Mar 07, 2014 8:05 pm

Thanks for the info on the SID, but it doesn't help since no user registry branch appears for that SID.

As mentioned, something definitely seems to have changed to the way DDE is handled in Windows 8.1 x64 (and 8 ?) compared to Win 7 x64. The fix/change that tzuk made to one of the SBIE 4 betas that made it work again on Win 7 x64 (with my registry fix method) no longer works on 8.1 x64.

I really need to switch to Windows 8.1 x64 but use SBIE all the time, so I'm caught in a trap as, although it works, it doesn't work the way I'm used to.

Hoping this can be made to work in the near future on 8.1 x64 as it does on Win 7 x64.

@joohwan@invincea - did you manage to test out the reg fix (ie. my fix, not the ones mentioned by tzuk or Mike) and reproduce the issue ?

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Thu Apr 10, 2014 10:33 am

joohwan@invincea wrote: BTW, I'll be trying out the reg fix myself on Monday...

barny wrote: As mentioned, something definitely seems to have changed to the way DDE is handled in Windows 8.1 x64 (and 8 ?) compared to Win 7 x64. The fix/change that tzuk made to one of the SBIE 4 betas that made it work again on Win 7 x64 (with my registry fix method) no longer works on 8.1 x64.

I really need to switch to Windows 8.1 x64 but use SBIE all the time, so I'm caught in a trap as, although it works, it doesn't work the way I'm used to.

Hoping this can be made to work in the near future on 8.1 x64 as it does on Win 7 x64.

@joohwan@invincea - did you manage to test out the reg fix (ie. my fix, not the ones mentioned by tzuk or Mike) and reproduce the issue ?
You mentioned you were going to try it out - Any update on this ?

barny
Posts: 42
Joined: Mon Mar 25, 2013 2:08 pm

Post by barny » Sun Apr 20, 2014 10:19 pm

I know changelog for 4.09.04 beta doesn't mention any fix related to this issue, but I tested it out anyway. 4.09.04 beta still has this DDE issue.
