low integrity level

Ideas for enhancements to the software
Post Reply
blasev
Posts: 20
Joined: Mon Apr 11, 2011 3:30 am

low integrity level

Post by blasev » Sat Jun 04, 2011 3:38 am

additional on the dropright feature
so a user can choose to use low integrity level instead of medium integrity (if UAC is tuned On)

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Jun 04, 2011 10:43 am

No, that can't work. Low integrity level means a program can't access anything and is supposed to be designed so another process does the "sensitive" stuff on its behalf. For example, a low integrity IE tab process uses the medium integrity IE main process.
tzuk

_is_m00nbl00d

Post by _is_m00nbl00d » Sat Jun 04, 2011 11:07 am

tzuk wrote:No, that can't work. Low integrity level means a program can't access anything and is supposed to be designed so another process does the "sensitive" stuff on its behalf. For example, a low integrity IE tab process uses the medium integrity IE main process.
Perhaps there could be a way to manage that.

I run Chromium with an explicit low integrity level. That is, both the broker and children processes run with a low integrity level. It's possible to use it as normal, one just needs to set certain places to a low integrity level as well, so that we can download files, for example.

But, that aside, even if I just set Chromium to a low integrity level only, and nothing else, by running Chromium inside Sandboxie, I can download, etc just fine. Sandboxie functions as the broker "process" (medium integrity).

Perhaps you could work something around that?

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Sat Jun 04, 2011 12:46 pm

I don't have any plans to add this feature into Sandboxie at this time.

But since you say that you can start Chrome in the sandbox with low integrity, then I'm not sure why you need Sandboxie to address this issue in some way.

However, if you explain here how to start programs in the sandbox with low integrity, and if some months from now, enough people report that they've been regularly using this and not seeing any problems with most programs, then I might add something like this similar to Drop Rights.
tzuk

_is_m00nbl00d

Post by _is_m00nbl00d » Sat Jun 04, 2011 12:54 pm

tzuk wrote:[...]
But since you say that you can start Chrome in the sandbox with low integrity, then I'm not sure why you need Sandboxie to address this issue in some way.[...]
Oh, I don't need Sandboxie to do that. I can do it on my own. ;D

I just thought of mentioning it, due to Blasev's request. Nothing else, really. :)

blasev
Posts: 20
Joined: Mon Apr 11, 2011 3:30 am

Post by blasev » Wed Jun 08, 2011 12:32 pm

Thx for the straight answer tzuk

I was thingking that I can use other internet browser with low integrity to add another layer of protection. But it seem it won't be necessary for now

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests