Include processes to run in a specific sandbox

Ideas for enhancements to the software
Post Reply
Jokerside

Include processes to run in a specific sandbox

Post by Jokerside » Wed Jan 26, 2011 2:57 pm

I know the subject sounds odd, but there wasn't room for more.

First, I'd like to say that I have no idea how easy it would be to implement such; so, I'd just like to express a wish. If possible to do it, great; if not, it's OK.

OK. What I have in mind is, suppose you have an e-mail client you do not want to run the e-mail client itself under a sandbox, but you still would like to open its attachments under a sandbox.
My idea is to have a sandbox where I could define to start XYZ process under that sandbox, but only if the process that triggers this XYZ process is on the list. This way, such XYZ process would only run sandboxed under those conditions, and run outside the sandbox, if the process triggering them doesn't match the one in the list.

Again, if something easy, or something you'd feel OK implementing it, great, otherwise no hard feelings. :)


Thank you for your time and for Sandboxie. :)

SnDPhoenix
Posts: 2690
Joined: Tue Dec 26, 2006 5:44 pm
Location: West Florida

Post by SnDPhoenix » Wed Jan 26, 2011 3:41 pm

So if I understand correctly, you're basically asking for this.
As an example,
Don't force Firefox sandboxed.
Don't force Notepad sandboxed.
Do force Notepad sandboxed if opened by Firefox.
:?:

Jokerside

Post by Jokerside » Wed Jan 26, 2011 4:20 pm

SnDPhoenix wrote:So if I understand correctly, you're basically asking for this.
As an example,
Don't force Firefox sandboxed.
Don't force Notepad sandboxed.
Do force Notepad sandboxed if opened by Firefox.
:?:
Yes, precisely. The reason for such is that, I recently installed Sandboxie to a relative, but to be able to set it up in a proper way to resolve any program that would not start/run, I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear, and my relative didn't want it that way, and also dislikes having to right-click something and choose to run unsandboxed then.

So, that left me with an alternative: I have sandboxed PDF reader and media player, but I have not, as an example, sandboxed Office applications, otherwise whenever starting some office application it would be forced to open in sandboxie. So, it would be great it would be possible to force xyz *.doc file, *.xls file, etc., if Word, Excel, etc are triggered by the e-mail client process.

That's just an example.

This would give my relative the comfort of having those dangerous stuff sandboxed, while the e-mail client, itself, would not. It sure would be way better than not being sandboxed, at all.

Mike
Posts: 592
Joined: Mon Nov 16, 2009 1:27 pm

Post by Mike » Wed Jan 26, 2011 4:31 pm

In the meantime, you might try this as a workaround: http://www.sandboxie.com/phpbb/viewtopic.php?t=7088
Jokerside wrote:... I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear ...
I think that, once you figure out the necessary settings for the above workaround, you would rarely if ever see alerts related to the email client.

Jokerside

Post by Jokerside » Wed Jan 26, 2011 4:47 pm

Mike wrote:In the meantime, you might try this as a workaround: http://www.sandboxie.com/phpbb/viewtopic.php?t=7088
Jokerside wrote:... I decided not to force the e-mail client to a sandbox, because it could be possible that such an alert/some other alert could appear ...
I think that, once you figure out the necessary settings for the above workaround, you would rarely if ever see alerts related to the email client.
Thanks for the link.

I'm aware that once I figure out the necessary settings that most of the alerts would be gone. The problem is I don't have such time, and having from time to time my relative sending me an e-mail or calling me on the phone "Oh, this is displaying an error." "Oh, something is requesting permissions to run in the sandbox, should I allow it?".

Stuff like that. I really don't have such time. Not to mention it wouldn't be practical, I'm afraid.

Mike
Posts: 592
Joined: Mon Nov 16, 2009 1:27 pm

Post by Mike » Wed Jan 26, 2011 5:38 pm

Jokerside wrote:The problem is I don't have such time, and having from time to time my relative sending me an e-mail or calling me on the phone "Oh, this is displaying an error." "Oh, something is requesting permissions to run in the sandbox, should I allow it?".
Yeah, I totally get that.

I was kind of assuming that you wouldn't really have to figure anything out, since settings like this should practically make your email program unsandboxed:

Code: Select all

OpenFilePath=outlook.exe,*
OpenKeyPath=outlook.exe,*
OpenIpcPath=outlook.exe,*
OpenWinClass=outlook.exe,*
OpenClsid=outlook.exe,*
But who knows, there are always surprises. Anyway, just trying to give you an option if tzuk isn't able to fulfill your request.

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Wed Jan 26, 2011 6:41 pm

I think this is an interesting feature and I may implement it some day.
tzuk

Jokerside

Post by Jokerside » Wed Jan 26, 2011 8:08 pm

tzuk wrote:I think this is an interesting feature and I may implement it some day.
Thanks. :)

CKYTEP

Post by CKYTEP » Sun Jun 12, 2011 6:46 pm

Hello,

Sorry for bringing this kind of old thread into life... I'm truly an angel, you know. ;) Anyway, I'd just like to say that this would indeed by a welcome feature to Sandboxie.

So, I vote for this feature. It would be nice if I could force an application to be sandbox only if it was initiated by another application.


Thanks!!

D1G1T@L
Posts: 577
Joined: Sun Apr 17, 2011 7:40 pm
Location: DefaultBox

Post by D1G1T@L » Sun Jun 12, 2011 7:04 pm

tzuk wrote:I think this is an interesting feature and I may implement it some day.
+1

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Mon Jun 13, 2011 11:26 am

Yes, I plan to add this feature soon, "soon" being a flexible term of course. :)
tzuk

wangyin
Posts: 1
Joined: Tue Aug 02, 2011 6:27 am
Location: Canada

Post by wangyin » Tue Aug 02, 2011 6:30 am

I think this could be an fascinating attribute and I may possibly apply it some day.

(This is a spam post. --tzuk)

Guest10
Posts: 5127
Joined: Sun Apr 27, 2008 5:24 pm
Location: Ohio, USA

Post by Guest10 » Tue Aug 02, 2011 7:40 am

Ha! ^^^^

In the past I've seen a spammer use my signature in a message, along with their junk.
Now tzuk's words have been copied and used in a spam message.
(Sorry about adding to the posts that need to be deleted, but I couldn't help myself)
Paul
Win 10 Home 64-bit (w/admin rights) - Zone Alarm Pro Firewall, MalwareBytes Premium A/V, Firefox, Thunderbird
Sandboxie user since March 2007

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 12:57 pm

Post by tzuk » Tue Aug 02, 2011 2:20 pm

Funny that it's not a verbatim quote but they change the wording a bit.
tzuk

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests