Trust No Program

3 functions missed after short test/use of sandboxie

Ideas for enhancements to the software

3 functions missed after short test/use of sandboxie

Postby Requester » Sun Dec 09, 2007 3:52 pm

Hi all,

after a short test of sandboxie quickly I missed 3 functions.

1. Main application of a sandbox:

I would like to have a setting where I can specify an application as the main application for a special sandbox created for this main application. If the main application of a special sandbox is finished all other applications started in this sandbox during the runtime of the main application should be stopped automatical too, without the necessity to specify them especially.

2. Excluding an application from running sandboxed:

I would like to have the possibility to specify applications that are never allowed to run sandboxed or to not allow running an application in a special sandbox.

3. Specifying applications how they are started when started by an sandboxed application:

Further I would like to have the possibility to specify for applications the way they are started when called by another already running sandboxed application. If they should be started normally in the same sandbox of the calling application or to start them not sandboxed or to start them in an other sandbox.

Hope you can implement it fast ;)

cu
Requester
 

Postby tzuk » Sun Dec 09, 2007 4:12 pm

Hi Requester, your first feature request has already been requested in this topic and I agreed to do it.

Your second feature request can be crudely implemented by using Sandbox Settings | Resource Access | IPC Access | Blocked Access settings page. Add the resource * for the undesired programs, and they will not be able to run sandboxed.

Your third feature request will not be implemented, however, you may be able to use the various setting pages below Sandbox Settings | Resource Access to immitate this behavior, by allowing specific sandboxed programs to have full access to your system.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Requester » Sun Dec 09, 2007 7:31 pm

tzuk wrote:Your second feature request can be crudely implemented by using Sandbox Settings | Resource Access | IPC Access | Blocked Access settings page. Add the resource * for the undesired programs, and they will not be able to run sandboxed.


Yes, I know, but if you have multiple sandboxes and you want an application never to be run sandboxed you must configure it in every sandbox and never forget to configure it when ever creating new sandboxes later.

tzuk wrote:Your third feature request will not be implemented, however, you may be able to use the various setting pages below Sandbox Settings | Resource Access to immitate this behavior, by allowing specific sandboxed programs to have full access to your system.


No, not possible, I have an application that does not run sandboxed in any way (I think), it is Apple's iTunes. But it is necessary to allow start from the sandboxed browser in some circumstances. In the moment I have to block iTunes in any created sandbox to make sure it is never running sandboxed. But this will also stop automatic normal not sandboxed start of iTunes from the sandboxed browser.
Requester
 

Postby wraithdu » Sun Dec 09, 2007 7:41 pm

I don't think tzuk will implement your 3rd request because it creates a security hole. It's easier not to create a hole than to create it and try to prevent it from being exploited. I agree that it would be convenient to have a setting like this, but I also think it's a bad idea.
wraithdu
 
Posts: 1410
Joined: Fri Jun 29, 2007 7:54 pm

Postby Guest » Sun Dec 09, 2007 9:39 pm

wraithdu wrote:I don't think tzuk will implement your 3rd request because it creates a security hole. It's easier not to create a hole than to create it and try to prevent it from being exploited. I agree that it would be convenient to have a setting like this, but I also think it's a bad idea.


Yes, I am aware of this security risk. But it must be set by the user and for example it could be made possible via sandbox settings and only for a special application running in this sandbox. For example allowing only request to start iTunes.exe not sandboxed from sandboxed firefox.exe only for this firefox.exe running in this sandbox.

cu
Guest
 

Postby tzuk » Mon Dec 10, 2007 5:17 pm

Maybe another solution to this problem would be to get iTunes to run sandboxed. Haven't tried it myself yet, but I will. Anything specific in iTunes I should look out for, or does it fail to even start sandboxed?
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 0 guests