Encrypted PGP Disk volume not protected by default

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
Stephan

Encrypted PGP Disk volume not protected by default

Post by Stephan » Tue Jan 16, 2007 11:53 am

I'm using an encrypted PGP Disk volume mountet as drive T:
notepad.exe running sandboxed is nevertheless able creating, deleting and editing files permantly on drive T: - breakthrough Sandboxie

Online help gives an example for an solution for another product "TrueCrypt":
[GlobalSettings]
HarddiskVolume=\Device\TrueCryptVolumeT
HarddiskVolume=T:
In my case I looked in the device manager and found a device named PGPdisk and added this line to my Sandboxie.ini.
HarddiskVolume=\Device\PGPdisk,asis
Now my PGP volume T: is protected and can't be modified by sandboxed programs.

Question:
I found many other devives listed in the device manager - which I do not exactly know . Example: ASPI32, FileDisk, mountmgr, pagedfrg, ...
Are these all possible security holes ?
Maybe there exists an device that can access the computer file system, or the disk at low level - and a sandboxed Programm will establish an connection to this device (that resides outside the sandbox) and then use this device to modify something outside the sandbox ? Maybe the topic "Paragon Partition Manager breakthrough Sandboxie" is the same problem - a device installed outside the sandbox is contacted from inside the sandbox ?

It it possible permitting all direct device access inside the sandbox, so that an encrypted PGP Disk volume and other products are protected by default ?

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Jan 16, 2007 4:45 pm

Maybe there exists an device that can access the computer file system, or the disk at low level - and a sandboxed Programm will establish an connection to this device (that resides outside the sandbox) and then use this device to modify something outside the sandbox ?
There isn't such a device by default, that I know of. And if you find out the next Windows Update install such a device, you can always add:

ClosedFilePath=\device\TheEvilDevice
Maybe the topic "Paragon Partition Manager breakthrough Sandboxie" is the same problem - a device installed outside the sandbox is contacted from inside the sandbox ?
This is entirely possible, in version 2.64, if the new device -- such as your PGP disk -- is mounted after Sandboxie has taken inventory of your drives, and noted to itself, what are the hard drive eligible for sandboxing.

But, similar to what I said in that other post: In version 2.7, there is no such inventory, there is no more HarddiskVolume setting, and drives become eligible for sandboxing as soon as they are mounted into the system.
tzuk

Post Reply

Who is online

Users browsing this forum: No registered users and 21 guests