Can LUA guarantee service isolation?


Post by Rico on 1/1/2011, 20:03

After careful reading of the second post of this topic: http://sandboxie.com/phpbb/viewtopic.php?t=7014, it seems that many of my fears about sandboxie x64 have been put to rest.

tzuk wrote: File-system, registry access and cross-process manipulation in the 64-bit version is subject to strong protection which is provided by kernel mode code, just like the 32-bit version.

However, as described in the WindowsVista64 page, the 64-bit version of Sandboxie cannot use kernel mode supervision to guarantee that software in the sandbox does not connect to a service outside the sandbox. Such connections are protected only at the application level.

For this reason, the Drop Rights option is enabled by default in the 64-bit version of Sandboxie.

ssj, since you're an expert on LUA matters, I wanted to know if:
* LUA prevents sandboxed programs from starting and terminating services already present on a PC.
* LUA prevents sandboxed programs from creating their own services.
* LUA prevents sandboxed programs from modifying and piggybacking on already present services.

Cheers,

Rico


Re: Can LUA guarantee service isolation?

Post by ssj100 on 2/1/2011, 01:11

Hi Rico, I'm not really an expert, but I'll give it my best shot answering your questions. p2u (or tzuk) is probably the expert you're after though haha.

Rico wrote: * LUA prevents sandboxed programs from starting and terminating services already present on a PC.
I think LUA generally prevents programs (and the user) from starting and terminating services. I'm not 100% sure if LUA will prevent this within the sandbox though, but I would be surprised if a program running sandboxed could start/terminate services in an LUA. After all, a sandboxed program is simply another process running in the LUA with the rights of the LUA.

Rico wrote: * LUA prevents sandboxed programs from creating their own services.
Similar to above.

Rico wrote: * LUA prevents sandboxed programs from modifying and piggybacking on already present services.
This one I'm not so sure about, but again, if you think that sandboxed programs are running with the user's rights, then these sandboxed programs must have "limited rights" just like unsandboxed programs. Therefore, they should be unable to modify already running services. I'm not exactly sure what "piggybacking" is though. Is it that the sandboxed program could "take control over" the service? If so, I doubt it would be able to do so in a LUA.

However, the big question is what happens in a Privilege Escalation Exploit to sandboxed programs? For 32-bit, I am fairly sure that everything would still be contained. However, on 64-bit, I'm less sure. Remember, with a Privilege Escalation Exploit, the sandboxed programs may be able to run with Administrator or System rights. The way I understand it, at this stage, the user would need to rely on Sandboxie's protection.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
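
Added example, not part of either post and not Sandboxie code: on Windows, whether a non-administrator token can start, stop or reconfigure an existing service is decided by that service's security descriptor, which `sc sdshow <service>` prints as SDDL. The Python sketch below audits such a string for rights granted to groups that a limited user belongs to. The function names, the chosen group list and both sample SDDL strings are constructed for illustration, and it assumes symbolic rights codes and a canonically ordered DACL.

```python
import re

# Meaning of SDDL rights codes when the object is a Windows service.
RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Generic rights as mapped for services (GR is read-only and left unmapped).
GENERIC = {
    "GA": set(RIGHTS.values()),
    "GW": {"CHANGE_CONFIG"},
    "GX": {"START", "STOP", "PAUSE_CONTINUE", "USER_DEFINED_CONTROL"},
}
# Rights that allow starting, stopping or taking over a service.
SENSITIVE = {"START", "STOP", "PAUSE_CONTINUE", "CHANGE_CONFIG",
             "DELETE", "WRITE_DAC", "WRITE_OWNER"}
# SDDL aliases of groups present in an ordinary limited user's token.
LIMITED = {"WD": "Everyone", "AU": "Authenticated Users",
           "IU": "Interactive", "BU": "Users"}

def expand(codes):
    """Turn a rights string such as 'CCLCRPWP' into a set of right names."""
    names = set()
    for code in re.findall("..", codes):
        names |= GENERIC.get(code, {RIGHTS.get(code, code)})
    return names

def limited_user_exposure(sddl):
    """Return {group: [sensitive rights]} granted to limited-user groups."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL only, not the SACL
    aces = re.findall(r"\(([^)]*)\)", dacl.group(1)) if dacl else []
    denied, granted = set(), {}
    for fields in (ace.split(";") for ace in aces):
        kind, codes, sid = fields[0], fields[2], fields[5]
        if sid not in LIMITED:
            continue
        if kind == "D":    # a deny on any group in the token overrides allows
            denied |= expand(codes)
        elif kind == "A":
            granted.setdefault(LIMITED[sid], set()).update(expand(codes) & SENSITIVE)
    return {g: sorted(r - denied) for g, r in granted.items() if r - denied}

# Constructed samples: a locked-down DACL and a deliberately loose one.
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
LOOSE = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPLOCRRC;;;AU)"

if __name__ == "__main__":
    for name, sddl in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, limited_user_exposure(sddl) or "nothing sensitive for limited users")
```

An empty result means none of the listed groups holds start, stop, pause, reconfigure, delete or ownership rights on that service; it says nothing about rights held by administrators or SYSTEM.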
