Include processes to run in a specific sandbox

Posted: Wed Jan 26, 2011 2:57 pm
by Jokerside
I know the subject sounds odd, but there wasn't room for more.

First, I'd like to say that I have no idea how easy it would be to implement such; so, I'd just like to express a wish. If possible to do it, great; if not, it's OK.

OK. What I have in mind is this: suppose you have an e-mail client. You do not want to run the e-mail client itself under a sandbox, but you would still like to open its attachments under a sandbox.
My idea is to have a sandbox where I could define to start XYZ process under that sandbox, but only if the process that triggers this XYZ process is on the list. This way, such XYZ process would only run sandboxed under those conditions, and run outside the sandbox, if the process triggering them doesn't match the one in the list.

Again, if something easy, or something you'd feel OK implementing it, great, otherwise no hard feelings. :)


Thank you for your time and for Sandboxie. :)

Posted: Wed Jan 26, 2011 3:41 pm
by SnDPhoenix
So if I understand correctly, you're basically asking for this.
As an example,
Don't force Firefox sandboxed.
Don't force Notepad sandboxed.
Do force Notepad sandboxed if opened by Firefox.
:?:

Posted: Wed Jan 26, 2011 4:20 pm
by Jokerside
SnDPhoenix wrote:So if I understand correctly, you're basically asking for this.
As an example,
Don't force Firefox sandboxed.
Don't force Notepad sandboxed.
Do force Notepad sandboxed if opened by Firefox.
:?:
Yes, precisely. The reason for such is that I recently installed Sandboxie for a relative, but to be able to set it up in a proper way to resolve any program that would not start/run, I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear, and my relative didn't want it that way, and also dislikes having to right-click something and choose to run unsandboxed then.

So, that left me with an alternative: I have sandboxed PDF reader and media player, but I have not, as an example, sandboxed Office applications, otherwise whenever starting some office application it would be forced to open in Sandboxie. So, it would be great if it would be possible to force xyz *.doc file, *.xls file, etc., if Word, Excel, etc. are triggered by the e-mail client process.

That's just an example.

This would give my relative the comfort of having that dangerous stuff sandboxed, while the e-mail client, itself, would not. It sure would be way better than not being sandboxed, at all.

Posted: Wed Jan 26, 2011 4:31 pm
by Mike
In the meantime, you might try this as a workaround: http://www.sandboxie.com/phpbb/viewtopic.php?t=7088
Jokerside wrote:... I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear ...
I think that, once you figure out the necessary settings for the above workaround, you would rarely if ever see alerts related to the email client.

Posted: Wed Jan 26, 2011 4:47 pm
by Jokerside
Mike wrote:In the meantime, you might try this as a workaround: http://www.sandboxie.com/phpbb/viewtopic.php?t=7088
Jokerside wrote:... I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear ...
I think that, once you figure out the necessary settings for the above workaround, you would rarely if ever see alerts related to the email client.
Thanks for the link.

I'm aware that once I figure out the necessary settings that most of the alerts would be gone. The problem is I don't have such time, and having from time to time my relative sending me an e-mail or calling me on the phone "Oh, this is displaying an error." "Oh, something is requesting permissions to run in the sandbox, should I allow it?".

Stuff like that. I really don't have such time. Not to mention it wouldn't be practical, I'm afraid.

Posted: Wed Jan 26, 2011 5:38 pm
by Mike
Jokerside wrote:The problem is I don't have such time, and having from time to time my relative sending me an e-mail or calling me on the phone "Oh, this is displaying an error." "Oh, something is requesting permissions to run in the sandbox, should I allow it?".
Yeah, I totally get that.

I was kind of assuming that you wouldn't really have to figure anything out, since settings like this should practically make your email program unsandboxed:

Code:

OpenFilePath=outlook.exe,*
OpenKeyPath=outlook.exe,*
OpenIpcPath=outlook.exe,*
OpenWinClass=outlook.exe,*
OpenClsid=outlook.exe,*

But who knows, there are always surprises. Anyway, just trying to give you an option if tzuk isn't able to fulfill your request.
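
Added example (not part of Mike's post and not Sandboxie code): a small audit over Sandboxie.ini-style text that reports programs carrying all five wildcard settings shown above, i.e. programs that are practically unsandboxed inside a box. The sample configuration, the box names and the function names are constructed for illustration.

```python
from collections import defaultdict

# The five settings from the post above; "program.exe,*" opens that whole resource class.
OPEN_SETTINGS = ("OpenFilePath", "OpenKeyPath", "OpenIpcPath",
                 "OpenWinClass", "OpenClsid")

# Constructed sample configuration (not taken from a real system).
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
OpenFilePath=outlook.exe,*
OpenKeyPath=outlook.exe,*
OpenIpcPath=outlook.exe,*
OpenWinClass=outlook.exe,*
OpenClsid=outlook.exe,*
OpenFilePath=winword.exe,C:\\Users\\*\\Documents\\*
OpenFilePath=*.tmp

[MailAttachments]
OpenIpcPath=Outlook.exe,*
"""

def wildcard_opens(ini_text):
    """Map (box, program) -> set of Open* settings whose pattern is a bare '*'."""
    found = defaultdict(set)
    box = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or box is None or key.strip() not in OPEN_SETTINGS:
            continue
        program, comma, pattern = value.partition(",")
        # Values without a "program," prefix apply to the whole box; not tracked here.
        if comma and pattern.strip() == "*":
            found[(box, program.strip().lower())].add(key.strip())
    return found

def effectively_unsandboxed(ini_text):
    """Return sorted (box, program) pairs that have all five wildcard opens."""
    return sorted(bp for bp, keys in wildcard_opens(ini_text).items()
                  if keys == set(OPEN_SETTINGS))

if __name__ == "__main__":
    for box, program in effectively_unsandboxed(SAMPLE_INI):
        print(f"{box}: {program} is open on all five resource classes")
```
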

Posted: Wed Jan 26, 2011 6:41 pm
by tzuk
I think this is an interesting feature and I may implement it some day.

Posted: Wed Jan 26, 2011 8:08 pm
by Jokerside
tzuk wrote:I think this is an interesting feature and I may implement it some day.
Thanks. :)

Posted: Sun Jun 12, 2011 6:46 pm
by CKYTEP
Hello,

Sorry for bringing this kind of old thread into life... I'm truly an angel, you know. ;) Anyway, I'd just like to say that this would indeed be a welcome feature to Sandboxie.

So, I vote for this feature. It would be nice if I could force an application to be sandboxed only if it was initiated by another application.


Thanks!!

Posted: Sun Jun 12, 2011 7:04 pm
by D1G1T@L
tzuk wrote:I think this is an interesting feature and I may implement it some day.
+1

Posted: Mon Jun 13, 2011 11:26 am
by tzuk
Yes, I plan to add this feature soon, "soon" being a flexible term of course. :)

Posted: Tue Aug 02, 2011 6:30 am
by wangyin
I think this could be an fascinating attribute and I may possibly apply it some day.

(This is a spam post. --tzuk)

Posted: Tue Aug 02, 2011 7:40 am
by Guest10
Ha! ^^^^

In the past I've seen a spammer use my signature in a message, along with their junk.
Now tzuk's words have been copied and used in a spam message.
(Sorry about adding to the posts that need to be deleted, but I couldn't help myself)

Posted: Tue Aug 02, 2011 2:20 pm
by tzuk
Funny that it's not a verbatim quote but they change the wording a bit.