[.04] XP SP3, Drop Rights/Forced programs issue

Listing issues addressed in beta version 4.01
Locked
bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2859
Joined: Wed Apr 22, 2009 9:17 pm

[.04] XP SP3, Drop Rights/Forced programs issue

Post by bo.elam » Tue Mar 12, 2013 1:21 pm

Hi tzuk, I noticed since the first beta for version 4 that the only way to get Forced programs to work in my XP SP3 is to disable Drop rights. If Drop rights is enabled, I get SBIE message 2203.

Thanks

Bo

DR_LaRRY_PEpPeR
Posts: 291
Joined: Wed Jul 04, 2012 6:40 pm
Location: St. Louis area

Post by DR_LaRRY_PEpPeR » Tue Mar 12, 2013 3:20 pm

Drop Rights doesn't even do anything anyway, at least for file/reg. permissions (as far as Denying the Administrators group). Although it must change things in other ways, since it breaks/freezes stuff trying to connect to the Interent (crashing SbieSvc), causes total denial-of-service in certain circumstances (run Process Explorer sandboxed) that can only be fixed by restarting the computer, etc.

Did you try Forced Programs with Drop Rights on something that does NOT try to connect to the Internet? (I didn't.) Also, I believe you'll get the same 2203 message (I think that's what it was, after SbieSvc crashes) with Drop Rights if you manually do Run Sandboxed (e.g. not forced)...


I don't know if this stuff is just on XP (I've done very limited testing on 64-bit 7), but I can't believe the people that are using it "for real" and say that everything works like before... :shock: :? I think I'm going to try to work around the issues (if I'm not forgetting anything) and try to carefully run it "in production" soon (on XP of course) to evaluate further, like my sandboxed Firefox+EMET issues.

Dropping rights with SRP seems to work fine when launching Forced sandboxed programs (not via Run Sandboxed though), so that should still allow me to have dropped rights I guess, if there's not something else being missed by not enabling it in SBIE. It seems to be equivalent in 3.x.
XP Home-as-Pro SP3 (Admin) w/ continued updates (Embedded/POSReady 2009)
> Permissions + "2-level" SRP, latest Sandboxie (Pro/registered), EMET 4, no anti-anything (ever)
Did I make tzuk crazed... in his last days? :o

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2859
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Tue Mar 12, 2013 3:43 pm

Hi Larry, about if I tried Forced Programs with Drop Rights on something that does NOT try to connect to the Internet, yes, I tried most programs that I sandbox and force, including some that I don't allow to connect: KMPlayer, WMP, Foxit, Word and Excel. I don't allow internet on any of their respective sandboxes and they all gave me message 2203 when I close the sandbox. In my case, all programs give me the message. If I don't enable Drop rights, all programs work well as forced except Excel and Word.

About whether this issue exist on other systems, I can tell you that up to beta .02, on my W7 32 bits, I did not experience this issue. There were other issues but I haven't tried .03 on it yet to see if its better now.

Bo

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Mar 13, 2013 5:49 pm

I fixed this problem and this will be corrected in the next beta I release. Apologize about the inconvenience. This was caused due to some special handling for Drop Rights on Vista and later, which was incorrectly applied on XP as well. So just a minor bug, not related to the effect that Drop Rights has on security.

There was a similar problem report here:
http://www.sandboxie.com/phpbb/viewtopic.php?t=14826
tzuk

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2859
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Wed Mar 13, 2013 9:49 pm

Nice, thanks.

Bo

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Mar 18, 2013 12:27 pm

Related topic:
http://www.sandboxie.com/phpbb/viewtopic.php?t=14826

Fixed in version 4.01.04.
tzuk

bo.elam
Sandboxie Guru
Sandboxie Guru
Posts: 2859
Joined: Wed Apr 22, 2009 9:17 pm

Post by bo.elam » Tue Mar 19, 2013 12:05 am

Yes, its fixed for all programs in my computer except Excel and Word.

When I click a Word or Excel file, this is what I see for either program:

Image

I ll use Word as an example. Sandboxie doesn't give messages when I click on a Word file, Word runs in the sandbox. The funny thing is that if I navigate to a Word file (File>Open) from the UI in the picture, the file runs sandboxed in the Office sandbox and it gets displayed as it should.

So, I think, Word and Excel are working forced somewhat but something is keeping the file from being displayed properly when it is a forced program. XP SP3 32Bits. Microsoft Office Professional Edition 2003.

Tzuk, this version feels great, no messages from SBIE whatsoever.:)

Bo

Locked

Who is online

Users browsing this forum: No registered users and 1 guest