search

sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0
13.85k stars 1.54k forks source link

When an administrator opens a word document, the printing will stall for half a minute (office2016 x32) #3064

Closed lmou523 closed 1 year ago

lmou523 commented 1 year ago

Describe what you noticed and did

Start by opening a word document as an administrator

How often did you encounter it so far?

every time

Affected program

office 2016 32bit

Download link

Not relevant

Where is the program located?

The program is installed both inside and outside the sandbox.

Expected behavior

Click to print without delay

What is your Windows edition and version?

windows 10 pro workstation 22h2

In which Windows account you have this problem?

A local account (Standard user).

Please mention any installed security software

windows Defender

What version of Sandboxie are you running?

1.9.6 64bit

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

#
# Sandboxie configuration file
#

[GlobalSettings]
FileRootPath=C:\Users\Teclink\Desktop\SbieDir\Sandbox\%SANDBOX%
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsRasMan

[UserSettings_176402EB]
SbieCtrl_AutoStartAgent=SandMan.exe
BoxGrouping=:DefaultBox
SbieCtrl_EnableAutoStart=y

[DefaultBox]
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00FFFF,ttl
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=10

UnfilteredToken=y
OriginalToken=y
UnrestrictedToken=y
NoSecurityIsolation=y
OpenCredentials=y
RunServicesAsSystem=y

OpenFilePath=*
OpenKeyPath=*
lmou523 commented 1 year ago

This problem requires administrator privileges to be repeated and is 32-bit (because it triggers splwow64). I looked up the cause and it was because splwow64.exe was waiting for a time image

lmou523 commented 1 year ago

I just verified that splwow64 will have problems in the green box This causes bugs in printing 32-bit processes(I am an administrator account)

lmou523 commented 1 year ago

@DavidXanatos ,I think I found out why. When IPC_GetName2 is used, Ipc_GetName_AdjustSplWow64Path is called to adjust the path of IPC objects But when I add NoSecurityIsolation=y, its handling of splwow64's kernel objects fails I can fix this by masking these two lines of code for testing now image

lmou523 commented 1 year ago

@DavidXanatos ,I'll take a little extra time to study the matter. The green box should connect the alpc port correctly without processing。However, the integrity level of the port path created by splwow64 appears to be wrong, causing 32-bit applications to fail to connect to splwow64。