Sandboxie security flaw???


Re: Sandboxie security flaw???

Post by Guest on 6/3/2012, 01:06

Well, he mentioned the feature is not reliable for non-EXE files.

Regardless of being inside a zip folder, it is still an EXE that we're executing. Can't Sandboxie intercept that action and block it, if it can't force it to the sandbox due to some limitation? Couldn't it monitor the actions for certain file types, such as zip files, that are being forced to a sandbox, and if something tries to execute outside of the sandbox, then prevent it, asking the user whether to allow or block? This is something I actually asked before, so I apologize for repeating myself.

Also, isn't the point of having Forced Folders to have a way to force all the EXEs to the sandbox, without having to manually specify... who knows... dozens and dozens of EXEs? Not to mention one would need to add them one by one to the Forced Programs configuration.

Then again, how would one add a zip file to the Forced Programs? I mean, we can add zip files (I just tried it), but it won't work.


Re: Sandboxie security flaw???

Post by ssj100 on 6/3/2012, 09:25

I think he's implied fairly strongly that it's also not reliable in other circumstances - "...and if Sandboxie can infer that it has anything to do with a forced folder".

The question of monitoring certain file types has been asked at least a few times on the Sandboxie forums - I can't remember tzuk's exact replies, but I don't think much can be done about it.

The concept of adding something to the Forced Programs mechanism in this context is not to add the individual file/file type to it. Instead, it's to add the zip program (or whatever relevant program) to it. This means that when you open a zip file, it will always open sandboxed because your zip program will be forced to open sandboxed. However, as with the case of Windows Picture and Fax Viewer, it may not be always possible to add the relevant program to Forced Programs.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Sandboxie security flaw???

Post by Guest on 6/3/2012, 22:13

ssj100 wrote: I think he's implied fairly strongly that it's also not reliable in other circumstances - "...and if Sandboxie can infer that it has anything to do with a forced folder".

Yes, but that's applied to non-EXE files. Isn't it? This is the full sentence:

Again, the feature is not reliable for non-EXE files. This means sometimes stuff will work, and sometimes it won't work, and it depends on how Windows Explorer opens the viewer program, and if Sandboxie can infer that it has anything to do with a forced folder.

My understanding is that, considering it's not a reliable functionality for non-EXE files, then under certain circumstances it will depend on whether or not Sandboxie can infer that some action has to do with a forced folder. This would apply for image viewers, etc.

The above is something I already knew. But, isn't a zip file with an *.EXE file a whole different matter?


ssj100 wrote: The question of monitoring certain file types has been asked at least a few times on the Sandboxie forums - I can't remember tzuk's exact replies, but I don't think much can be done about it.

Can't be done or would it require extra work? If other applications can monitor file types, so could Sandboxie?


ssj100 wrote: The concept of adding something to the Forced Programs mechanism in this context is not to add the individual file/file type to it. Instead, it's to add the zip program (or whatever relevant program) to it. This means that when you open a zip file, it will always open sandboxed because your zip program will be forced to open sandboxed. However, as with the case of Windows Picture and Fax Viewer, it may not be always possible to add the relevant program to Forced Programs.

Yes, I know that. But, that has nothing to do with *.exes inside zip files. I previously mentioned "Also, isn't the point of having Forced Folders to have a way to force all the EXEs to the sandbox, without having to manually specify... who knows... dozens and dozens of EXEs? Not to mention one would need to add them one by one to the Forced Programs configuration.", but only has a reaction to a Downloads folder.

Not really involved with *.zip files, at all. Just wondering how one could add a bunch of *.exes at the same time.


Re: Sandboxie security flaw???

Post by Guest on 6/3/2012, 22:19

Also, forcing a compression tool to a sandbox wouldn't work, under two different scenarios:

1. The user is using Windows native functionality. Which would make it necessary for Sandboxie to have a monitoring functionality for certain file types within a forced folder.

2. Forcing a third-party compression tool doesn't come without its issues.

I have tried that approach before, but for some reason I could never uncompress files within a flash drive. The files simply wouldn't extract, at all. Never.

They would extract outside of the flash drive, but not inside of it. This was enough to stop forcing it.


Re: Sandboxie security flaw???

Post by ssj100 on 6/3/2012, 23:49

I think we just need to accept that it's also a problem in other circumstances. tzuk's comments above were on the Sandboxie forum and not formally documented - I suppose it would be nice to have the limitations discovered so far formally documented. However, I'm sure there are other settings where the Forced Folder mechanism fails to work.

I personally don't force compression tools, but I have my own workaround for all newly introduced files.

I've seen the file type monitoring being asked at least twice in the "Feature Request" subforum on the Sandboxie forums - for whatever reason, tzuk doesn't want to implement such mechanisms. Perhaps it will require too much work (for now?) or perhaps it will conflict with some internal mechanism in Sandboxie - I don't know. What I do know is that tzuk is the only programmer working on Sandboxie, so he has his work cut out!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
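
The gap discussed in this thread, as an added example that is not part of any post and not Sandboxie's own code: a Python audit of a forced folder that separates loose EXEs from zip archives that contain EXEs, and prints the `ForceFolder`/`ForceProcess` lines for Sandboxie.ini that the "force the zip program" approach amounts to. The extension list, the box name `DefaultBox`, the path `C:\Downloads` and the handler name `ziptool.exe` are assumptions and placeholders; the sample files are constructed.

```python
import tempfile
import zipfile
from pathlib import Path

# Assumption: extensions treated as programs; the thread itself only discusses .exe.
PROGRAM_EXTS = {".exe", ".com", ".scr"}

def is_program(name: str) -> bool:
    return Path(name).suffix.lower() in PROGRAM_EXTS

def audit_forced_folder(folder: Path) -> dict:
    """Split a forced folder into loose programs and zips that contain programs."""
    loose, risky = [], {}
    for path in sorted(folder.rglob("*")):
        if not path.is_file():
            continue
        if is_program(path.name):
            loose.append(path.name)
        elif zipfile.is_zipfile(path):  # checks content, so renamed zips count too
            with zipfile.ZipFile(path) as zf:
                members = sorted(n for n in zf.namelist() if is_program(n))
            if members:
                risky[path.name] = members
    return {"loose_programs": loose, "archives_with_programs": risky}

def ini_fragment(box: str, folder: str, handlers: list[str]) -> str:
    """Sandboxie.ini lines forcing the folder and the programs that open archives."""
    lines = [f"[{box}]", f"ForceFolder={folder}"]
    lines += [f"ForceProcess={h}" for h in handlers]
    return "\n".join(lines)

def demo() -> tuple[dict, str]:
    """Constructed sample: a loose EXE, a zip holding an EXE, a harmless zip."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.exe").write_bytes(b"MZ")
        with zipfile.ZipFile(root / "tools.zip", "w") as zf:
            zf.writestr("docs/readme.txt", "hello")
            zf.writestr("bin/Tool.EXE", b"MZ")
        with zipfile.ZipFile(root / "photos.zip", "w") as zf:
            zf.writestr("a.jpg", b"\xff\xd8")
        report = audit_forced_folder(root)
    # "ziptool.exe" is a placeholder for whatever program opens zips on the machine
    return report, ini_fragment("DefaultBox", r"C:\Downloads", ["ziptool.exe"])

if __name__ == "__main__":
    for part in demo():
        print(part)
```

Archives listed under `archives_with_programs` are the ones whose contents end up being run through an archive handler, which is why the handler itself has to be a forced program for them to open sandboxed.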