Program only read one Folder

If it's not about a problem in the program
Post Reply
timi257
Posts: 2
Joined: Wed Aug 22, 2018 4:36 am

Program only read one Folder

Post by timi257 » Wed Aug 22, 2018 4:44 am

Hello,

I'm using sandboxie for browsing for a while now, but never did anything else with it. Now I have a new use-case where I thought I could use it but couldn't figure out how to do it.
Background is that I have 1 TB of cold storage on a hoster where I can only upload files via their Windows-Client. I want to use this storage for encrypted backups of my pc.
But the problem is that I don't want their Windows-Client to have full access to all files on my computer just to backup some big, encrypted files every few weeks. So my idea was to put the client into a sandbox that only has write-permission to the whole hard drive (and thus can't read any files) and only give the read-permission to one specific folder I store the encrypted backup-files to upload in.
But I found out that there is no possibility in giving priorities in resource-management like "make all folders write-only except this folder that is inside".

Is there any other possibility how I could achieve the desired behaviour? Do you have any hints for me?

Thanks for your help!

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: Program only read one Folder

Post by Barb@Invincea » Wed Aug 22, 2018 10:05 am

Hello timi257,

Sandboxie has read access to your computer by default. You can apply restrictions by accessing these settings:
https://www.sandboxie.com/ResourceAccessSettings#file
https://www.sandboxie.com/RestrictionsSettings

I wouldn't recommend running your backups inside Sandboxie, as it is not a storage application. The purpose of Sandboxie is to isolate programs running inside of it, thus using it for encrypting / backup data may not provide the desired results.

Here's a related thread (for restrictions):
viewtopic.php?f=4&t=24012&p=128609&hilit=Chrome#p128609

Regards,

timi257
Posts: 2
Joined: Wed Aug 22, 2018 4:36 am

Re: Program only read one Folder

Post by timi257 » Wed Aug 22, 2018 11:03 am

Hello,

thank you for your quick answer and for the links. But I think I didn't really make clear what I want to do and why I want to do it.

I know that every program running in Sandboxie has read access to all files by default because the main goal is to prevent malware to do any changes to the file system. But what I'm concerned about is that the 3rd-party-client of the cloudstorage-provider could send more data than the backup-data to their server.
So my goal is not to run backups inside Sandboxie or use it as a storage application but to start the 3rd-party-client (I don't really trust) inside Sandboxie and only give it permissions to see the files it should upload to it's webpage, no other files. Do you know what I mean?

This is very similar to the guy who wanted to block all access except for the folders concerning Google Chrome.
We'd need a whitelist-feature or at least some possibility to exclude subfolders from blocking-rules or something.

Is there any solution for this? Or could it be implemented in new versions? As someone said this would make Sandboxie the best privacy-Software because it would not only protect against file-manipulation but also against data-theft.

Thanks for your support.

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 2858
Joined: Mon Nov 07, 2016 3:10 pm

Re: Program only read one Folder

Post by Barb@Invincea » Wed Aug 22, 2018 11:17 am

Hello timi257,

The post I provided is a feature request. At this point, there are no intentions of implementing such changes, as they are outside scope. Any updates will be added to the original thread.

You can use the post as a reference, plus the Restriction links on my previous response, to limit the program's access (provided it runs in a Sandbox).

Regards,
Barb.-

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1662
Joined: Fri Jan 17, 2014 5:21 pm
Contact:

Re: Program only read one Folder

Post by Curt@invincea » Wed Aug 22, 2018 12:27 pm

In Sandboxie, you can block any folder you want. But all applications are going to have to have read access to c:\windows (among other folders) to load Windows files in order to run. You need to keep your sensitive files in once place and block that in Sandboxie.

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 6 guests