sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Add support for Microsoft EFS (NTFS encryption feature) #1980

Open isaak654 opened 2 years ago

isaak654 commented 2 years ago

Is your feature request related to a problem or use case?

Source: https://forum.xanasoft.com/threads/microsoft-efs.368/

Hello. Sandboxie 1.0.22 and earlier, Windows 7 Pro 64-bit and W10 Pro 64-bit. If I encrypt the Thunderbird profile, then I cannot use that program, because I get a message "Thunderbird is already started". Sandboxie launches that program like "anonymous access" and so (I suppose) it cannot read my EFS certificate.

Describe the solution you'd like

It would be useful to launch isolated sandboxed programs even if they were encrypted with EFS.

Describe alternatives you've considered

No response

Dyras commented 2 years ago

Yes please! Preferably as a feature you can opt-out of on a Sandbox-basis. I encrypt all my sensitive files on my computer with EFS, because I know that if malware in my Firefox-Sandbox tries grabbing my pictures or whatever, they are encrypted and can't be opened.

DavidXanatos commented 2 years ago

I have looked into this and it looks like EFS only works when the process token belongs to the user which has access, impersonating that user's token when issuing NtOpenFile is not sufficient.

So, if you need EFS to work I would suggest using a compartment type box; this works fine.

Alternatively we could move the NtOpenFile call out to a proxy process and pass back the handle, but that really complicates things and I'm not sure if it's worth the effort.
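A way to confirm the symptom discussed in this thread from the outside, as an added PowerShell example that is not code from the Sandboxie project or from any participant: it walks a profile directory, flags files carrying the NTFS Encrypted attribute, and tests whether the token the script runs under can actually open them for reading. Run it once from a normal shell and once from inside the box (for example via a sandboxed PowerShell) to see which files become unreadable when the process token no longer belongs to the user who owns the EFS certificate. The default profile path is an assumption; `cipher /c` is the built-in Windows tool that lists the certificates able to decrypt a given file.

```powershell
# Added example, not part of the Sandboxie project.
# Audits a directory for EFS-encrypted files and checks whether the current
# process token can read them. The default path is an assumption.
param(
    [string]$ProfilePath = "$env:APPDATA\Thunderbird\Profiles"
)

function Get-EfsStatus {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $attrs     = [System.IO.File]::GetAttributes($_.FullName)
            $encrypted = ($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0
            $readable  = $true
            if ($encrypted) {
                # Opening an EFS file for read fails with access denied when the
                # calling token has no private key that can unwrap the file key,
                # which is exactly what a sandboxed process without the user's
                # EFS certificate runs into.
                try {
                    $fs = [System.IO.File]::Open($_.FullName, 'Open', 'Read', 'ReadWrite')
                    $fs.Dispose()
                } catch {
                    $readable = $false
                }
            }
            [pscustomobject]@{
                File      = $_.FullName
                Encrypted = $encrypted
                Readable  = $readable
            }
        }
}

# Show who the script is running as, so results from inside and outside the
# sandbox can be compared side by side.
whoami /user

$report = Get-EfsStatus -Path $ProfilePath
$encryptedFiles = $report | Where-Object Encrypted
$encryptedFiles | Format-Table -AutoSize

# For each encrypted but unreadable file, list which certificate thumbprints
# are allowed to decrypt it; compare against certificates visible in the
# current user's store (Cert:\CurrentUser\My).
foreach ($f in ($encryptedFiles | Where-Object { -not $_.Readable })) {
    Write-Host "`nDecryption certificates for $($f.File):"
    cipher /c $f.File
}
```

If every encrypted file reads fine from a normal shell but fails from inside the box, the thread's diagnosis applies: the sandboxed token cannot use the user's EFS key, and the compartment box type suggested above (or keeping the profile unencrypted) is the workaround until a proxy-open design exists.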