Makes Sandboxie pc-accounts less private or am I wrong?

Ideas for enhancements to the software
Wikkie
Posts: 3
Joined: Wed Mar 08, 2017 9:22 am

Makes Sandboxie pc-accounts less private or am I wrong?

Post by Wikkie » Wed Mar 08, 2017 9:32 am

On my computer I have been testing whether it is possible for a user account to read information which is written on another user account, if that information is stored sandboxed. Neither account has administrator rights. And it is possible, so I thought I had better ask on this forum if this is meant to be so.

On my computer (Windows 10), I made two user accounts, named Skip2 and Skip3. Both are protected with a different code, so you can't see the files of the other account.
In Skip2 I made a sandboxed document and kept it sandboxed (so it is invisible when you are out of the sandbox).
When I leave this account and use account Skip3, it is possible to read and write in the sandboxed document by following this path in Explorer:
C:\Sandbox\Skip2\DefaultBox\user\current\Documents\Topsecretveryconfidential.txt
In this way it is also possible to copy the document from Skip2 (where it is stored sandboxed) to Skip3 (now unsandboxed).
So Sandboxie seems less (privacy-)safe than I thought, but perhaps I haven't configured it well enough?

Barb@Invincea
Sandboxie Support
Posts: 2722
Joined: Mon Nov 07, 2016 3:10 pm

Re: Makes Sandboxie pc-accounts less private or am I wrong?

Post by Barb@Invincea » Wed Mar 08, 2017 11:32 am

Hello Wikkie,

Please have a look at these:
https://www.sandboxie.com/index.php?Use ... tsSettings

http://forums.sandboxie.com/phpBB3/view ... nt#p109558

As for navigating to the files outside Sandboxie, it depends on what type of permissions that user has.
You can set Windows permissions to restrict a user from accessing a location.

Regards,
Barb.-

MrAndreas
Posts: 3
Joined: Thu Jun 22, 2017 5:53 pm

Re: Makes Sandboxie pc-accounts less private or am I wrong?

Post by MrAndreas » Thu Jun 22, 2017 6:15 pm

The settings don't change the fact that Sandboxie stores user data in its own root directory using basic access permissions. Even a standard user has access to the Sandbox folder in the root. On top of this, a user should not be asked to have to change access permissions of directories that should be secure by design. This is not good. Windows has user profile folders for this purpose. The user profile folders are set up with the correct permissions to disallow any other user access to sensitive data. These are the folders Sandboxie should be using. Personally I'm highly disappointed by this discovery. I've ditched software for just this reason in the past.

I can think of a simple workaround that may temporarily solve this issue, but it all depends on if the Sandboxie service (if there's such a thing) has the right permissions following this change:

1) For each user directory in C:\Sandbox...

1.2) Create a Sandbox directory under %userprofile%\AppData\Local

1.3) Move the user data (not the user folder) from C:\Sandbox\<User> into %userprofile%\AppData\Local\Sandbox

1.4) Create a symbolic link mapping C:\Sandbox\<User> to %userprofile%\AppData\Local\Sandbox

2) [Optional] Similarly, C:\Sandbox should live under C:\ProgramData. As with the user folders, this can be moved and mapped the same way. However, at the end of the day, the folder shouldn't even exist under the root.

NOTE: I have not yet tested if these changes will work!

---------------- UPDATE ---------------------------------------
Just tested part one of my solution and it works. The problem with my solution will be that paths may exceed the 256 character limit and fail. I haven't yet had this issue, but I can see it being an issue. However, I understand Microsoft plans to lift this restriction, not sure if that's on NTFS or ReFS, though.

Perhaps, what's needed is to create a virtual disk for each user and write to this instead. However, the virtual disks still need to reside under the respective user profile for security.
Last edited by Barb@Invincea on Mon Jun 26, 2017 11:21 am, edited 1 time in total.
Reason: Merged posts.

Barb@Invincea
Sandboxie Support
Posts: 2722
Joined: Mon Nov 07, 2016 3:10 pm

Re: Makes Sandboxie pc-accounts less private or am I wrong?

Post by Barb@Invincea » Mon Jun 26, 2017 11:59 am

Hello MrAndreas,

I have moved the topic to Features Requests.
Thank you for the feedback and the steps.

Regards,
Barb.-

RooJ
Posts: 83
Joined: Sun Dec 21, 2014 2:47 pm

Re: Makes Sandboxie pc-accounts less private or am I wrong?

Post by RooJ » Mon Jun 26, 2017 1:44 pm

I'm probably missing something but can you not just change the FileRootPath in sandboxie.ini? E.g.:

FileRootPath=C:\Users\%USER%\Documents\sandbox\%USER%\%SANDBOX%
or even,
FileRootPath=C:\Users\%USER%\Documents\sandbox\%SANDBOX%
Edit: I see this was already suggested by BUCKAROO in the link Barb provided:

# change the following line (which is your Set Container Folder setting)
FileRootPath=C:\Sandbox\%USER%\%SANDBOX%
# change it to exactly this next line
FileRootPath=%USERPROFILE%\Sandbox\%SANDBOX%

MrAndreas
Posts: 3
Joined: Thu Jun 22, 2017 5:53 pm

Re: Makes Sandboxie pc-accounts less private or am I wrong?

Post by MrAndreas » Mon May 21, 2018 12:05 am

Two things.

1) The default configuration should be multi-user safe by default.

2) Moving the root to a path with a long root can and will cause path issues since NTFS only allows 255 characters in length (it is being increased, yet increasing it does not solve the issue unless it has no limit). The solution is to either create a new partition where all data is saved and have that partition protected by a special user. Meanwhile, the workaround would be to apply the same security to each user-directory under the Sandboxie folder as the individual user folder has.
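The following PowerShell script is an added example (not from this thread or from Sandboxie itself) that does what MrAndreas's workaround in his earlier post and his last point above describe from the defender's side: it audits each per-user folder under the Sandboxie root (assumed to be the default C:\Sandbox) for ACEs that grant access to all local users, and with -Fix rebuilds the folder's ACL to match the default of a Windows user profile folder (SYSTEM, Administrators and the owning user only). It assumes the folder name equals the local account name, as in the C:\Sandbox\Skip2 path quoted in the first post.

```powershell
#Requires -RunAsAdministrator
# Added example, not Sandboxie's own tooling. Assumes the default root C:\Sandbox
# and that each subfolder is named after the local user account that owns it.
param(
    [string]$SandboxRoot = 'C:\Sandbox',   # assumption: default Sandboxie root
    [switch]$Fix
)

# Principals whose presence in an Allow ACE means every local user can get in
$broad = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

foreach ($dir in Get-ChildItem -Path $SandboxRoot -Directory) {
    $user = $dir.Name
    $acl  = Get-Acl -Path $dir.FullName
    $leaks = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value
    }
    if ($leaks) {
        foreach ($ace in $leaks) {
            Write-Warning ("{0}: {1} has {2} ({3})" -f $dir.FullName,
                $ace.IdentityReference, $ace.FileSystemRights,
                $(if ($ace.IsInherited) { 'inherited' } else { 'explicit' }))
        }
    } else {
        Write-Host "$($dir.FullName): no broad-access ACEs"
    }

    if ($Fix -and $leaks) {
        # Resolve the account; skip folders that do not map to a local user
        $sid = (Get-LocalUser -Name $user -ErrorAction SilentlyContinue).SID
        if (-not $sid) { Write-Warning "No local user '$user', skipping"; continue }

        $new = New-Object System.Security.AccessControl.DirectorySecurity
        # Stop inheriting from C:\Sandbox and drop the inherited ACEs
        $new.SetAccessRuleProtection($true, $false)
        $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
        $flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        foreach ($id in @(
            [System.Security.Principal.NTAccount]'NT AUTHORITY\SYSTEM',
            [System.Security.Principal.NTAccount]'BUILTIN\Administrators',
            $sid)) {
            $new.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                $id, $full, $flags, 'None', 'Allow')))
        }
        Set-Acl -Path $dir.FullName -AclObject $new
        Write-Host "Rebuilt ACL on $($dir.FullName) for $user"
    }
}
```

Run it without -Fix first to see which folders are readable by other standard users; the Sandboxie service runs as SYSTEM, which keeps Full Control after the rebuild.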
