An easy-to-implement feature

Ideas for enhancements to the software
Post Reply
Lord HiperiX

An easy-to-implement feature

Post by Lord HiperiX » Wed Jul 12, 2006 9:56 am

Run a program ouside of the sandbox!!

IE: Windows / Microsoft Update or run FF out of the sandbox to update the extensions / themes

This feature shoud override the "forced programs" option...

SBIE User

Post by SBIE User » Wed Jul 12, 2006 11:24 am

Both of these functions are available already, but not as specifically named features. Perhaps you know that and are just asking for specific settings focused on these particular actions like updating Windows or adding extensions to Firefox, but both can be done quite easily already from the existing GUI.

In case you're not aware of that, here's how I do both of these. If you already know this, perhaps the info will help someone else.

Windows Update

Just before opening IE and selecting Tools/Windows Update, I open the Sandboxie GUI and select Options/Temporarily Disable Forced Programs. Then I have 10 seconds to start IE. Once IE opens outside the sandbox, I can take as long as needed to do the updates. (The 10 second deadline is built into Sandboxie and only applies to starting a forced program outside the sandbox.)

Update or Add Firefox Bookmarks, Extensions and Themes

I have Firefox as a forced program, but I allow updates transparently by adding the following setting in the Sandboxie config file under [Default Box]:

OpenFilePath=firefox.exe,C:\Program Files\Mozilla Firefox\defaults\profile

That allows any changes I make to my Firefox bookmarks, themes or extensions to be made outside the sandbox.


Hope that helps you or someone else.

SBIE (Happy) User

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Jul 12, 2006 11:46 am

Nice summary SBIE User, just one small addition:
(The 10 second deadline is built into Sandboxie and only applies to starting a forced program outside the sandbox.)
10 seconds is a built-in default, but it is configurable:

(in Sandboxie.ini)

[GlobalSettings]
...
ForceProcess=...
ForceDisableSeconds=30

You can set any number of seconds.

The ForceDisable period ends as soon as you launch one of the forced processes, or when the configured (or defaulted) number of seconds has elapsed.
tzuk

SBIE User

Post by SBIE User » Wed Jul 12, 2006 12:18 pm

Thanks, tzuk. I didn't know about that.

10 seconds is really enough and has never been a problem, but I knowing I have an extra few seconds. I don't like pressure! :D

SBIE (Happy) User

Unknown_User_458
Posts: 0
Joined: Wed Dec 31, 1969 7:00 pm

Unsafe use of Firefox profiles?

Post by Unknown_User_458 » Tue Sep 19, 2006 11:43 am

Is this example given by "SBIE user" safe?

If you look at the File Copy Options, (Configuration / Sandbox settings / Set File Copy Options) there are check boxes which include "Allow Mozilla Firefox full access to profile files, such as bookmarks and extensions (NOT Recommended)". If however you ignore the negative recommendation, it allows access to the full Profiles folder (see the resulting Sandboxie.ini file) . I don't know why this is unsafe - which is why I am asking here. Maybe it's the access to registry keys which is unsafe?

(Actually my folder structure is different - I use XP, maybe "SBIE user" uses a different implementation of Windows?)

The reason I ask is that I want to include parts of the profiles - the passwords and bookmarks. However as bookmarks are implemented as html files is this why this is unsafe?

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Thu Sep 21, 2006 3:22 pm

Lord HiperiX wrote:I don't know why this is unsafe - which is why I am asking here. Maybe it's the access to registry keys which is unsafe?
This is why it's not recommended:
SBIE User wrote:That allows any changes I make to my Firefox bookmarks, themes or extensions to be made outside the sandbox.
(Emphasis mine.) You may want to share just the sandboxed bookmarks with the outside system, but effectively you are sharing the enitre profile folder, including extensions and themes.

If you think that's just fine, ignore my negative recommendation, and Just Do It.
tzuk

Unknown_User_458
Posts: 0
Joined: Wed Dec 31, 1969 7:00 pm

Post by Unknown_User_458 » Thu Sep 28, 2006 4:39 pm

Thanks tzuk for the answer. I have implemented a more restricted access to profiles. i.e. only bookmarks and passwords via adding this to the configuration sandboxie.ini file

OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\signons.txt
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\xxxxxxx.default\key3.db

(xxxxxxx is my particular FF profiles folder)

This works fine. I prefer not to allow access to extensions outside the sandbox, not because I know of any particular risk but just to be safe as I don't have an extension which needs this access.

Post Reply

Who is online

Users browsing this forum: Baidu [Spider] and 4 guests