Desktop Closed File Path permissions issue

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic

https://Sandboxie-Plus.com

GNU General Public License v3.0

13.69k stars 1.52k forks source link

Desktop Closed File Path permissions issue #148

Closed ghost closed 3 years ago

ghost commented 4 years ago

Hello,

When you add Closed File Path to Desktop, explorer will show permissions warning every time you invoke save file window.

1) Add ClosedFilePath=%SystemDrive%\Users\*\Desktop\ to Sandboxie.ini (instead of * you can type your user name) 2) Run any program and click save file as 3) Notice the [#] Desktop [#] You don't currently have permission to access this folder. Click Continue to permanently get access to this folder.

The warning appears every time you invoke the save as window. Your default program's save as path does not have to be Desktop. You don't have to click on Desktop folder to get the warning.

Please fix this as it is very annoying and causes high slowdown when saving files.

Also thank you so much for taking over the Sandboxie project. I much appreciate this.

diversenok commented 4 years ago

You instructed Sandboxie to deny access to this folder, and it did. Unfortunately, the default file selection dialog always tries to access the Desktop folder, so it starts complaining. It is not a bug in Sandboxie. Instead of closing the folder entirely, configure it to be write-only.

ghost commented 4 years ago

Yes, I did, as I don't want SBIE to read it. Also I am not even trying to use it to save files. I don't get it why it does try to use it anyway. This is not a solution. Well, even if it is not a bug, is there any other way to fix it? Symbolic link, some configuration trick or anything?

ghost commented 4 years ago

Changing Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop and Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop paths works but only without dropped rights. However I have no idea how to propagate this setting across sandboxes

ghost commented 4 years ago

I added AutoExec=reg import %SystemRoot%\SBIE.reg to sandboxie.ini and Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Desktop"="driveletter:\path\"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Desktop"="driveletter:\path\" and it works

DavidXanatos commented 3 years ago

What will help here will be the planned feature to now allow a sandbox access any personal data by default

ghost commented 3 years ago

Read access is by default. If you have write access in mind, I can't agree