Sticky Password breaks Sandboxie - take 2
Moderator: Barb@Invincea
Sticky Password breaks Sandboxie - take 2
Things got a bit confused in my last post, so here is what concerns me:
If I load SP into, in my case, a drop-rights sandbox with the SP template, as well as filling in passwords in a sandboxed instance of Firefox it will also do the same in an unsandboxed instance of Firefox; but it will not do so if Firefox is loaded in another sandbox.
So for me, SP is breaking out of its sandbox insofar as it will work in a non-sandboxed FF, but the integrity of a different sandboxed FF is maintained.
While that can be convenient and I have no reason not to trust SP (well it holds many of my passwords after all), does it mean a vulnerability exists which can be exploited by some nasty or other eg via Flash, Acroreader or Java etc? BTW I force the latter two into separate sandboxes.
Both SP and FF are installed outside of Sandboxie.
I hope this, and my concerns, are now clear.
[FF 44.0; SP 8.06.145; SB 5.07.5]
Henry
-
- Posts: 216
- Joined: Sat Jan 14, 2006 11:08 am
Re: Sticky Password breaks Sandboxie - take 2
OK, so Sticky Password running sandboxed can fill in passwords into a non sandboxed Firefox? Do you also get to see any dll files related to SP into FF? You can check this with Process Explorer. And you're talking about a certain SP template. Is it possible that this template gives SP access to both a sandboxed and non-sandboxed FF? What happens when you remove this template?
Re: Sticky Password breaks Sandboxie - take 2
Rasheed187 wrote:
> OK, so Sticky Password running sandboxed can fill in passwords into a non sandboxed Firefox? Do you also get to see any dll files related to SP into FF? You can check this with Process Explorer.
Not sure if I am doing this properly, but all I see under Firefox in Process Explorer is plug-in container.exe
Rasheed187 wrote:
> And you're talking about a certain SP template. Is it possible that this template gives SP access to both a sandboxed and non-sandboxed FF? What happens when you remove this template?
The template is auto installed by sandboxie. I will try to remove and check later.
Henry
Re: Sticky Password breaks Sandboxie - take 2
SP has stopped working with FF completely ATM; sandboxed or not, and even after I went back to FF44.
Will have to go back to an image, but sadly 2 months old so may take a while to get back up to date

Henry
-
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
- Contact:
Re: Sticky Password breaks Sandboxie - take 2
henryg wrote:
> SP has stopped working with FF completely ATM; sandboxed or not, and even after I went back to FF44.
> Will have to go back to an image, but sadly 2 months old so may take a while to get back up to date
Completely not working for you?
Re: Sticky Password breaks Sandboxie - take 2
My system is back up and running, and fully updated. AND it seems that Rasheed187 had the answer, as a quick test after removing the SP template (via the configuration dialogue) stopped SP working in an unsandboxed instance of FF!! I don't know if there will be any knock-on effects, but I will leave it as is and see what happens.
Craig, I think this is something Invincea needs to look at seriously. How can a template break Sandboxie's protections, and are other templates doing something similar? I still have 7 active compatibility templates in effect!!
Henry
Re: Sticky Password breaks Sandboxie - take 2
henryg wrote:
> How can a template break Sandboxie's protections, and are other templates doing something similar? I still have 7 active compatibility templates in effect!!
Henry, sometimes a template becomes obsolete after a program updates. And the solution is to untick the compatibility setting or if possible, Invincea make an update to the template. Also, sometimes a program might work better in your computer without you using the compatibility setting and maybe at the same time, in my computer, the same program works better if I use the compatibility setting.
Bo
-
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
- Contact:
Re: Sticky Password breaks Sandboxie - take 2
henryg wrote:
> My system is back up and running, and fully updated. AND it seems that Rasheed187 had the answer, as a quick test after removing the SP template (via the configuration dialogue) stopped SP working in an unsandboxed instance of FF!! I don't know if there will be any knock-on effects, but I will leave it as is and see what happens.
> Craig, I think this is something Invincea needs to look at seriously. How can a template break Sandboxie's protections, and are other templates doing something similar? I still have 7 active compatibility templates in effect!!
@Henryg, Nothing has broken the protection of the sandbox. You claimed this before. Again, this is not the case. As for templates, @Bo is correct. They become obsolete. Do we try and keep them updated? Sure. But we have to balance the browser actually working first, then the add-on, then the template (compatibility modes)..(more below.)
You seem to be the only one having issues with LP and SP. Please stop making claims that something has "Broken the sandbox.." which is not the case. You need to understand the templates and what they do.
@Rasheed187 does not have any answer. While we like the feedback, it's simply expected behavior. What he observed with a template is what a template would do. The template does what? It punches a hole in the SB...Why? to allow passwords to be written through. OR to allow cookies, or to allow "x." etc.
This is what a template does. You've opened a hole, for which you chose to do. Removing the template seals the hole. That's expected behavior. If we had zero templates, nothing would get out, and you would be stuck with a very miserable, but completely isolated environment. This applies to any template.
Ronen spells this out regarding FF template (it would apply to all of them) http://www.sandboxie.com/index.php?FirefoxTips that you....YOU are degrading the SB....ever so slightly.
You can have it both ways. That's simply impossible. Users have to decide on the level of risk.
-
- Sandboxie Support
- Posts: 3523
- Joined: Thu Jun 18, 2015 3:00 pm
- Location: DC Metro Area
- Contact:
Re: Sticky Password breaks Sandboxie - take 2
I'll be closing this thread soon. Why? Well, honestly nothing other than claims and misunderstandings have been populated on this thread.
Claims that escapes from a sandbox have been made, and that ".....Invincea needs to look at this..." Which is simply not the case. Templates/compatibility mode do exactly what they do. Punch a hole. If you agree to use that mode. Then you take that ever slight risk. Otherwise, default SBIE with no modes/templates is an impervious sandbox. Although your experience will be frustrating. You need to have balance and weigh that balance for which you are comfortable.
You cannot have it both ways.
Since this thread started we've had over 300,000 visitors to this particular thread according to the stats. Not one other claim....(this doesn't take into account the 80-100k PER day users to the forum site front page)
Not one other post regarding SP. Yes, a post about LP in that thread..because a user is using a finger print reader and a post about a 2FA USB stick. Both of which involve unique drivers on the host..and well, we're not going to dedicate resources on the for which a fix may not even be possible (and those situations are exceedingly rare use events) And there are other 2FA options...txt, apps, etc.
I just feel we are going in circles, and it's causing concerns that are not justified. Yes, me..Curt and others monitor this forum ALL the time. Do we respond to every single post? Do we troubleshoot every single post?
No.
That's impossible.
The best example, use case, of an event for which becomes a priority...is the Oct 2015 Patch Tuesday. We had hundreds of reports. Thus, something was amiss. This wasn't a one off, 3 off, my "x" game/program isn't working. That was much more clear, we can duplicate the issue, and affected a wide range of different, but general usage of SBIE.
Not a browser add-on, not a seldom used general program. Again, balance. We cannot solve or look at every single program/issue.
With that said, of course, a serious sandbox exploit possibility, like the one we had over the summer that was posted to YouTube, trumps everything (and patched quickly)...We have a thread just dedicated to those announcements. We even had an exploit Bounty Program that ran for over 90 days and offered some serious $$ to a Bug Research company (A very well known company) for whom informed us via their investigative researchers that SBIE was secure.
We never paid ONE bounty.
-
- Sandboxie Lead Developer
- Posts: 1638
- Joined: Fri Jan 17, 2014 5:21 pm
- Contact:
Re: Sticky Password breaks Sandboxie - take 2
I am not familiar with SP and have never used it.
This line in the SP template means that anything in the sandbox can send Windows messages to stpass.exe running outside the sandbox.
OpenWinClass=$:stpass.exe
So, for example, if it wants to send a password to an edit control outside the sandbox, it is able to do so.
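Henry's question about what the other active templates open can be answered from the configuration itself. The sketch below is an added example, not part of any post in this thread and not Sandboxie's own code; it assumes that a sandbox's `Template=Name` line pulls in a `[Template_Name]` section and that settings whose names begin with `Open` are the ones that open access out of the sandbox. The section names, template names and every value other than `OpenWinClass=$:stpass.exe` are constructed.

```python
import re

# Constructed sample in Sandboxie.ini / Templates.ini syntax. Only the
# OpenWinClass line comes from the thread; all names and other values are made up.
SAMPLE_INI = r"""[Template_ExamplePasswordManager]
OpenWinClass=$:stpass.exe
[Template_ExampleReader]
OpenIpcPath=*\BaseNamedObjects*\ExampleReaderMutex
[DropRightsBox]
DropAdminRights=y
Template=ExamplePasswordManager
[BrowserBox]
Template=ExampleReader
OpenFilePath=C:\Exports\*
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}. Keys repeat, so configparser is not used."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def sandbox_holes(text):
    """Map each non-template section to its Open* settings, direct or via Template=."""
    sections = parse_ini(text)
    report = {}
    for name, items in sections.items():
        if name.startswith("Template_"):
            continue  # templates are reported under the sandboxes that enable them
        holes = [(k, v, "direct") for k, v in items if k.startswith("Open")]
        for k, v in items:
            if k == "Template":
                # Assumption: Template=Name refers to the section [Template_Name]
                tmpl = sections.get("Template_" + v, [])
                holes += [(tk, tv, v) for tk, tv in tmpl if tk.startswith("Open")]
        report[name] = holes
    return report

if __name__ == "__main__":
    for box, holes in sandbox_holes(SAMPLE_INI).items():
        for key, value, source in holes:
            print(f"{box}: {key}={value} (from {source})")
```

Each reported line is one deliberate opening in that sandbox; removing the template named as its source closes it, which is what the test earlier in the thread showed.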
Re: Sticky Password breaks Sandboxie - take 2
Curt@invincea wrote:
> I am not familiar with SP and have never used it.
> This line in the SP template means that anything in the sandbox can send Windows messages to stpass.exe running outside the sandbox.
> OpenWinClass=$:stpass.exe
> So, for example, if it wants to send a password to an edit control outside the sandbox, it is able to do so.
Thank you for that.
Technically correct or not, to me something that gets out of a sandbox to another non-sandboxed program "breaks Sandboxie", but now I understand it was as a result of the template which is designed to do so to one extent or another.
But I take exception to any implications that I have unjustly (my description) said SP is breaking SB. Yes, I accept that I don't understand how SB and templates work, but this simple posting by Curt if made earlier would have resolved the issue. And Craig, you are well aware that I tried to deal with this "off Forum" by PM after my older thread, but after an initial response I got no replies to subsequent PM responses.
Henry