SandboxieReflector - cross-sandbox execution

Utilities designed for use with Sandboxie
Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Post by Carl Colijn » Mon Feb 27, 2012 4:42 am

Hi all!

{update: The current version is 12.3.19 (from March 19, 2012) }

I've created my own contributed utility called SandboxieReflector. SandboxieReflector allows you to define commands that force designated applications to always run in a certain sandbox, also when called from inside another one. This can be useful in several ways; e.g.
  • when you want to force certain apps to run in their own sandbox, thus not polluting other sandboxes along the way (run Firefox in its own sandbox even when started from another sandbox), or
  • when you want to install apps in their own sandbox, and be able to run them from anywhere (also from inside other sandboxes).
There are some restrictions, caveats, disclaimers etc.; they are all noted on the SandboxieReflector page at my web site - you can also download the zip file from there.

I've briefly mailed with Tzuk about this functionality, and while it might be added to a future version it will probably not be in the near future. I have therefore decided to still publish it as an interim solution, but I'm inclined not to develop/support it any further for the same reason. It should still be a very useful utility for the ones who know how to use it though!

Interested in your opinions, and happy reflecting! ;)
Carl
Last edited by Carl Colijn on Tue Mar 20, 2012 9:08 am, edited 4 times in total.

tzuk
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Feb 27, 2012 5:54 am

Looks good! Thanks for posting it. I hope some will find it useful.
tzuk

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Mon Feb 27, 2012 7:14 am

This is great! I thought about something similar, but didn't get the time to work on it. I have read the SandboxieReflector page and I'm going to test it and put it at work today. I'm also an avid user of virtual computers, but as you and many others, I feel that Sandboxie's invaluable for getting the best out of your system for applications while still running them isolated, and this utility you have created should be of great help until Sandboxie reaches this milestone. Thank you.

Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Post by Carl Colijn » Mon Feb 27, 2012 7:35 am

MichaelS wrote:This is great! I thought about something similar, but didn't get the time to work on it.
Funny how this seems to work sometimes - first there is nothing and then all of a sudden a few people get the same idea all at the same time... Maybe this is a hint to Tzuk the time is right for this feature? ;)

Anyway, please tell me what you think of it! All feedback is appreciated, although I'm a bit reluctant to improve anything apart from bug fixing.

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Mon Feb 27, 2012 10:26 pm

Carl, this is excellent. Works just the way I imagined it would and how I would've made my own implementation, so I have to thank you for saving me some time.
Also, as a Sandboxie user, I appreciate you shared this utility, thus bringing more attention upon a much needed feature. I'd call this one of the most valuable contributed utilities.
Without wanting to sound arrogant, I believe a lot more users would emphasize the wish for such a feature if they'd be aware of the implications and benefits of it.

If anyone's reluctant to using this utility, you should know that it doesn't have any impact on performance (i.e. file proxying doesn't affect execution time).

Manual labor for creating correct registry entries may seem cumbersome to some, but it is the only way to make this work, and I personally view it as a means to better control the way you want things to work.

I recommend Default Programs Editor as a great tool to aid the process for the faint-hearted.

Another thing I would like to mention: having all preferred extensions pointing to Reflector.exe is very helpful in case you wish to change a sandbox's location, because then you do not have to deal with the change in the registry (unless the file icon is .exe dependent), but in the INI file, so it is easier to manage multiple changes.

Carl, thank you for creating this, and Tzuk- thanks for supporting the idea.

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Wed Feb 29, 2012 5:59 am

Carl, I know you said you do not wish to improve or further extend your application, unless it's a bug-fix or vulnerability issue, and I completely understand if you do not want to implement the following suggestion:

Add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so it is not confined to the /file parameter.

For example, this:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="$I" /R="$R" /L="$L"

would execute whatever is in the CmdLine associated with <profilename> along with /I="$I" /R="$R" /L="$L"

The reason I am asking this is because $I, $R, $L are actually dynamic arguments replaced with other data by the file-manager that I am using, so I can't just add them to the INI file. This means that when I am executing

Code:

"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="$I" /R="$R" /L="$L"
, the file manager is actually running:

Code:

"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="inactive_pane_path" /R="right_pane_path" /L="left_pane_path"
Again, if you do not want to implement this for the already mentioned reasons or for any other reason, I completely understand and I already appreciate the application as it is.
I am aware that this is a niche suggestion so I already created an application that dynamically changes the INI command line before executing the Reflector.

Thank you.

Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Post by Carl Colijn » Wed Feb 29, 2012 10:31 am

MichaelS wrote:Carl, I know you said you do not wish to improve or further extend your application, unless it's a bug-fix or vulnerability issue, and I completely understand if you do not want to implement the following suggestion:

Add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so it is not confined to the /file parameter.
Hi MichaelS,

A more generic method would be to pass all parameters along via a dedicated /p switch, with "/p file" a good replacement for the "/file" in use now. Something like:

Code:

Reflector.exe /exec <profile name> [/p <param name> <param value> [<param value> ...]] 
and the profile code something like:

Code:

CmdLine=MyApp.exe [$<param name> [$<param name> ...]] 
As an example:

Code:

Reflector.exe /exec MyProfile /p file "%1",
CmdLine=MyApp /open $file
and:

Code:

Reflector.exe /exec MyProfile /p I "$I" /p R "$R" /p L "$L"
CmdLine=MyApp /left_path=$L /other=$R /and_even=$I
Just like the Effectuator now looks for all %1's in the cmdlines and complains if there is an unmatch with any /file switch, it could just as easily compare all /p's in the same manner.

I'm already breaking my own promise of not improving the code by looking if initial DDE proxying support is easy to add, so the above would be a quick addition as well ;) No promise on a time frame, but the idea intrigues me!

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Wed Feb 29, 2012 12:18 pm

Hello! Thank you for considering the suggestion.
Your approach is good, but the command would still depend on the CmdLine from the INI file, while a raw interpretation wouldn't.

An example. Let's say I run the following user command from my sandboxed file manager (which would replace $I, $R, $L with file paths or whatever):

Code:

"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
In this case, the CmdLine property in SandboxieReflector.ini for the invoked profile could be null, like CmdLine="" and Effectuator.exe would run

Code:

"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
or, if it is possible, introduce a /raw parameter whose value is concatenated to the ini CmdLine property (which can be null).
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /raw "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
Of course, the call is yours, and as I said before, I'm already using your applications in conjunction with one of mine to get the desired functionality.

Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Post by Carl Colijn » Thu Mar 01, 2012 6:02 am

MichaelS wrote:Hello! Thank you for considering the suggestion.
Your approach is good, but the command would still depend on the CmdLine from the INI file, while a raw interpretation wouldn't.
Hi MichaelS,

I get what you're after, but I do not want to add a "raw" interpretation to SandboxieReflector - if such an interpretation would be added, anyone could execute any command in a sandbox, as long as they know the name of the corresponding profile. Since the SandboxieReflector.ini file is readable by anyone (even the baddies), this would mean a giant security breach. (as if it's worthwhile to build circumvention code for all 10+ people on Earth using SandboxieReflector ;), but still...)

But I still do think my solution will also help you;
MichaelS wrote:An example. Let's say I run the following user command from my sandboxed file manager (which would replace $I, $R, $L with file paths or whatever):

Code:

"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
In this case, the CmdLine property in SandboxieReflector.ini for the invoked profile could be null, like CmdLine="" and Effectuator.exe would run

Code:

"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
In this case the Reflector.exe call would be:

Code:

Reflector.exe /exec <profilename> /p I "$I" /p R "$R" /p L "$L" /p file "%1"
which would expand to e.g.:

Code:

Reflector.exe /exec <profilename> /p I "inactive_pane_path" /p R "right_pane_path" /p L "left_pane_path" /p file "C:\Windows\Media\ding.wav"
The CmdLine in the .ini would be (now with the .wav supplied via Reflector as well via the "file" parameter):

Code:

CmdLine="D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify=$file
which in this case would expand to:

Code:

CmdLine="D:\MyApp.exe" /I="inactive_pane_path" /R="right_pane_path" /L="left_pane_path" /Type=Mov /Notify="C:\Windows\Media\ding.wav"
Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.
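
The /p scheme from the post above, as an added sketch that is not SandboxieReflector's code and not part of the thread: the profile fixes the executable and switches, and the caller supplies only named values. Assumptions: the `PROFILES` dict stands in for SandboxieReflector.ini, the function names are hypothetical, each /p takes one value, the template quotes every placeholder, and rejecting quote characters in values is an added hardening step.

```python
import re

# Constructed stand-in for SandboxieReflector.ini: profile name -> fixed CmdLine template.
PROFILES = {
    "MyProfile": r'"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="$file"',
}

PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def parse_reflector_args(argv):
    """Parse '/exec <profile> [/p <name> <value>]...' into (profile, params)."""
    if len(argv) < 2 or argv[0].lower() != "/exec":
        raise ValueError("expected /exec <profile name>")
    profile, rest, params = argv[1], argv[2:], {}
    while rest:
        if rest[0].lower() != "/p" or len(rest) < 3:
            # Anything that is not a complete /p triple is refused, so a caller
            # cannot append a raw command line after the profile name.
            raise ValueError(f"unexpected argument: {rest[0]!r}")
        name, value = rest[1], rest[2]
        if name in params:
            raise ValueError(f"duplicate parameter: {name}")
        params[name] = value
        rest = rest[3:]
    return profile, params


def expand_cmdline(profile, params):
    """Fill the profile's template; the caller supplies values only."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile: {profile}")
    template = PROFILES[profile]
    wanted = set(PLACEHOLDER.findall(template))
    if wanted != set(params):
        # The %1 versus /file comparison from the thread, applied to every /p.
        raise ValueError(f"parameter mismatch: {sorted(wanted ^ set(params))}")
    for name, value in params.items():
        if '"' in value:
            # Assumed hardening: a quote would end the quoted slot in the
            # template and let the value add switches of its own.
            raise ValueError(f"quote character in value of {name}")
    return PLACEHOLDER.sub(lambda m: params[m.group(1)], template)
```
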

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Thu Mar 01, 2012 7:41 am

Carl Colijn wrote:I get what you're after, but I do not want to add a "raw" interpretation to SandboxieReflector - if such an interpretation would be added, anyone could execute any command in a sandbox, as long as they know the name of the corresponding profile.
Yes, I realize this, that's why I initially suggested to add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so only those who are aware of the risks would use it, but I understand the concern for security breaches.
Carl Colijn wrote:But I still do think my solution will also help you;
[...]
Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.
No doubt, what you presented would be a welcomed addition.

Thank you!

Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Post by Carl Colijn » Fri Mar 02, 2012 5:47 am

MichaelS wrote:
Carl Colijn wrote:But I still do think my solution will also help you;
[...]
Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.
No doubt, what you presented would be a welcomed addition.

Thank you!
And thus came version 12.3.2; you can download it from the SandboxieReflector web page on my site (see the initial post).

The previous version could only handle a single /file parameter (reflected in any %1 CmdLine tag), but now you can use a more general /p parameter passing method, which allows you to create as many parameters as you want. Now on to investigating simple DDE proxying again... Did I tell you I wanted to leave it at version 12.2.22? :)

MichaelS
Posts: 139
Joined: Tue Feb 07, 2012 4:19 am
Location: MeanWhile City

Post by MichaelS » Fri Mar 02, 2012 4:22 pm

Thank you for the improvements! This surely broadens the use of SandboxieReflector.

Messmer

Small command I would like

Post by Messmer » Sat Mar 10, 2012 4:16 pm

Can you add /min to the Effectuator so it goes small on start.

Carl Colijn
Posts: 46
Joined: Fri Dec 30, 2011 5:55 am
Location: Netherlands

Re: Small command I would like

Post by Carl Colijn » Sun Mar 11, 2012 7:40 am

Messmer wrote:Can you add /min to the Effectuator so it goes small on start.
Hi Messmer,

It's already there ;) It's the /s switch.

Messmer

Re: Small command I would like

Post by Messmer » Sun Mar 11, 2012 10:32 am

Carl Colijn wrote:
Messmer wrote:Can you add /min to the Effectuator so it goes small on start.
Hi Messmer,

It's already there ;) It's the /s switch.
Great, it solved one of my problems. Software I want to use but with highly restrictive rights on install.
