access to user data

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
Unknown_User_423
Posts: 0
Joined: Wed Dec 31, 1969 7:00 pm

access to user data

Post by Unknown_User_423 » Fri Apr 13, 2007 6:01 am

In a web page, Ian "Gizmo" Richards said, "the third technique was the most advanced. It involved rebuilding the system descriptor table using a special utility and then terminating with APT. I have since communicated this with the author of Sandboxie and he has confirmed the problem. The hole will be closed in a an upcoming version. NOTE: This vulnerability has now been patched. All versions from 2.62 onwards incorporate this patch. I have amended the results tables accordingly. Gizmo 2nd Oct, 2006."

However, Ian Richards also talks about one vulnerability that hasn't been patched yet. He said, "SandBoxie too performed well and only failed in one test; user data is accessible to sandboxed processes."

I sincerely hope that you would be successful in providing a patch for this problem as well. Personal data on the "real PC" should not be accessible to sandboxed programs.
Top
SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Fri Apr 13, 2007 11:46 pm

uhh, isnt this normal, i mean the point of Sandboxie is not to limit access to certain folders, i mean it allows access to everything and anything, even your windows dir which is dangerous (if you arent running SBie), so obviously it will allow access to your "Personal Folders", the point of SBie is to intercept all write operations and commit them in a sandbox instead of onto your "RealPC's" HD, that way nothing in the sandbox gets written to the HD, thus keeping you protected from s#@% trying to infect your HD, now i think you can block access to certain files and folders, but ive never checked cause i dont have personal data on my hd that im worried about :P .
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Apr 14, 2007 8:53 am

However, Ian Richards also talks about one vulnerability that hasn't been patched yet. He said, "SandBoxie too performed well and only failed in one test; user data is accessible to sandboxed processes."
If this is a vulnerability or not, it depends on your definition. But in any case, Sandboxie has always had an option to block access to files and folders:

ClosedFilePath
tzuk
Top
Rasheed187
Posts: 216
Joined: Sat Jan 14, 2006 11:08 am

Post by Rasheed187 » Tue Jun 05, 2007 11:00 am

Perhaps an idea to make this more easily configurable via the GUI? :)
Last edited by Rasheed187 on Mon Jun 11, 2007 8:25 am, edited 1 time in total.
Top
tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Jun 05, 2007 7:27 pm

Thank you Rasheed. I don't think I would have thought of it myself. :P
tzuk
Top
Rasheed187
Posts: 216
Joined: Sat Jan 14, 2006 11:08 am

Post by Rasheed187 » Mon Jun 11, 2007 8:33 am

I certainly do hope that this stuff will be more easy to use, I´m not a real fan of having to edit stuff in configuration files myself. :wink:
Top
Post Reply

Return to “Problem Reports”

Who is online

Users browsing this forum: No registered users and 1 guest