sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

%USER% expands to "system" instead of currently_logged_in_user #2653

Closed DonEstefan closed 1 year ago

DonEstefan commented 1 year ago

Describe what you noticed and did

  1. I use a Windows account named "xxx" and moved the user folder to d:\xxx.

  2. I followed https://sandboxie-plus.com/sandboxie/filerootpath/ and set

    [GlobalSettings]
    FileRootPath=D:\%USER%\Sandboxie\%SANDBOX%

    This worked for many years.

  3. Some Sandboxie releases ago (around the time this issue was created), I started getting error messages when starting a sandbox:

    PID 7852: SBIE2227 'Browser (D:\SYSTEM\Sandboxie\Browser)' is located on a volume which does not support 8.3 naming. This can cause issues with older applications and installers.

    However, the newer sandboxie-plus releases did not solve the problem. fsutil 8dot3name query d: shows that 8dot3 names are active. So this is not really about missing 8.3 names. Today I realized that the %user% variable stopped dynamically providing my logged_in user name. It statically returns the "system" user name instead. So sandboxie started using a non-existent path (D:\SYSTEM does not exist).

However, sandboxie seems to be working fine and seems to be putting files in the right folder (D:\xxx...). I'm not sure what to make of this...

How often did you encounter it so far?

always, in the last couple of sandboxie releases

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

The program is installed both inside and outside the sandbox.

Expected behavior

What is your Windows edition and version?

Win10 21H2

In which Windows account you have this problem?

A local or Microsoft account without special changes.

Please mention any installed security software

Microsoft Defender

What version of Sandboxie are you running?

Sandboxie Plus 1.6.7 64 bit

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (to be specified).

Is it a regression?

since 5.60.0 (approximately)

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

    [GlobalSettings]
    FileRootPath=D:\%USER%\Sandboxie\%SANDBOX%

ghost commented 1 year ago

I can confirm it, SBIE v1.6.6, Win11 22h2

DavidXanatos commented 1 year ago

Where exactly do you see %USER% returning "system"?

DonEstefan commented 1 year ago

> where exactly do you see %USER% returning "system"?

The SBIE2227 error message posted above contains the path D:\SYSTEM\Sandboxie\Browser. Since FileRootPath is set to D:\%USER%\Sandboxie\%SANDBOX% I would assume that %USER% returns "SYSTEM".

DavidXanatos commented 1 year ago

Ah, I see... this is not a bug but an artifact of how that particular SBIE message is issued. It does not originate with any sandboxed process but comes from the sbiesvc.exe service, which runs under the system account, and that's why it reports %USER% to be "system". This should not cause any issues at all.

DonEstefan commented 1 year ago

> it does not originate with any sandboxed process but comes from the sbiesvc.exe service which runs under the system account

But some kind of error handling must have triggered the SBIE2227. I suspect the code triggering SBIE2227 is also part of sbiesvc.exe and creates unexpected results, due to %USER% suddenly providing unexpected values.

> This should not cause any issues at all.

Well, these are the issues it caused for me:

  1. I get error message popups every time I start a sandbox.
  2. The message gives the clear impression that sandboxed files end up in locations they shouldn't have access to.
  3. The message in the popup points out a completely unrelated problem and gives misleading hints on how to solve the problem.
  4. The message made me spend hours trying to find the cause of the problem, which you say does not even exist.

I find it likely that everyone else using %user% in the config will run into the same issues.

ghost commented 1 year ago

I can't start an app which is installed on a non-system partition (the same partition where the sandbox folder is located). The same error as mentioned in the first post appears.

Also, when I use Junction, I receive an access denied error:


    Sandboxie Start
    Could not invoke program: "X:\Program Files\someapp\someapp.exe"
    System Error Code: Access is denied. (5)

DavidXanatos commented 1 year ago

hmpf... to clarify it once more: SBIE2227 is not an error, just an info message to enable 8.3 naming support on all volumes which are used to hold sandboxes. It is not generated in response to an error or anything; the service, whenever a process is started in a sandbox which was inactive before, resolves the box's root path and checks if said path is located on a volume supporting 8.3 naming. If not, then it issues the SBIE message.

Whether it resolves %user% to the actual user or to system at this stage is irrelevant.

Everything should run just fine, as fine as it can on a device that does not support 8.3 naming, despite this warning.

@mysteriously please elaborate on how you are using Junctions.
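
For triaging a message like the one in this thread, the following added example (not Sandboxie code and not written by any participant) parses an SBIE2227 line, expands the FileRootPath template once as the interactive user and once as the service account, and reports which identity explains the path shown and whether both land on the same volume. It assumes `%USER%` and `%SANDBOX%` are plain case-insensitive token substitutions and that the service account expands to `SYSTEM`; the function names and the sample line are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: the SBIE2227 text quoted in the issue above.
SAMPLE_MESSAGE = (
    "PID 7852: SBIE2227 'Browser (D:\\SYSTEM\\Sandboxie\\Browser)' is located "
    "on a volume which does not support 8.3 naming."
)
SBIE2227_RE = re.compile(r"SBIE2227 '(?P<box>[^']*?) \((?P<path>[^)]*)\)'")


def expand_root(template, user, sandbox):
    """Assumed expansion: case-insensitive substitution of the two tokens."""
    out = re.sub("%USER%", lambda _: user, template, flags=re.IGNORECASE)
    return re.sub("%SANDBOX%", lambda _: sandbox, out, flags=re.IGNORECASE)


def _norm(path):
    # Windows paths compare case-insensitively; ntpath works on any OS.
    return ntpath.normcase(ntpath.normpath(path))


def classify(message, template, interactive_user, service_account="SYSTEM"):
    """Explain which identity produced the path shown in an SBIE2227 message."""
    m = SBIE2227_RE.search(message)
    if m is None:
        return None
    box, reported = m.group("box"), m.group("path")
    as_user = expand_root(template, interactive_user, box)
    as_service = expand_root(template, service_account, box)
    if _norm(reported) == _norm(as_user):
        origin = "user-context"
    elif _norm(reported) == _norm(as_service):
        origin = "service-context"
    else:
        origin = "unexplained"
    vol_user = ntpath.splitdrive(as_user)[0].upper()
    vol_reported = ntpath.splitdrive(reported)[0].upper()
    return {
        "box": box,
        "origin": origin,
        "actual_root": as_user,
        # The 8.3 check is per volume, so this is what decides the outcome.
        "same_volume": vol_user == vol_reported,
        "volume": vol_user,
    }


if __name__ == "__main__":
    print(classify(SAMPLE_MESSAGE, r"D:\%USER%\Sandboxie\%SANDBOX%", "xxx"))
```

A result of `service-context` with `same_volume` true means the path in the message differs from the real box root only in the user component, so the volume named in the warning is still the one to check with `fsutil 8dot3name query`.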