sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

How can the sandboxed exe create file in c:? #3160

Open tohghua opened 1 year ago

tohghua commented 1 year ago

Describe what you noticed and did

  1. Download test.exe from https://cowtransfer.com/s/98e76eb3f5294a
  2. Run it to install in a sandbox, the installer will automatically run the program. See https://cowtransfer.com/s/360bb2f7b83348
  3. Input anything such as “a” and press the OK button; it will create c:\CarpaBrowserCache

The problem is why the program can break through the sandbox to create a folder directly on disk.

How often did you encounter it so far?

No response

Affected program

test.exe

Download link

https://cowtransfer.com/s/98e76eb3f5294a

Where is the program located?

The program is installed only inside a sandbox (NOT in the real system anyway).

Expected behavior

It should be unable to create a file/folder in c:

What is your Windows edition and version?

win10

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

none

What version of Sandboxie are you running?

Sandboxie Plus 1.9.8

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response

DavidXanatos commented 1 year ago

I can't reproduce this. Is anyone else able to reproduce this issue?

coltsfootrock commented 1 year ago

Not really too sure what I did to reproduce it, as the exe was not in English, my native language. Just downloaded it and ran it in a yellow Sbie+ box and clicked on the highlighted boxes during the install. Used a yellow box. (Screenshot 2023-08-04 180330)

bastik-1001 commented 1 year ago

I am also not able to reproduce this. On Windows 7, the CarpaBrowser crashes, after being installed, no files are created outside the sandbox. On another machine that runs Windows 10, the installer is able to launch the browser, but when I type a (or something else) and click the left-most button, a message appears telling me that it failed to write to the drive with the letter d.

There is just C and it is not a "real" computer, just a device running Windows 10.

offhub commented 1 year ago

https://github.com/sandboxie-plus/Sandboxie/assets/6871698/f5691b3e-2f3a-4ac9-8da1-bc94704e9401

offhub commented 1 year ago

ClosedClsid={00021401-0000-0000-C000-000000000046}

bastik-1001 commented 1 year ago

It appears as if messing with the HKCU does not require a process to be elevated, whereas it needs to be for messing with HKLM?

Does this affect the boxes where the processes are not allowed to be started elevated? And what about security hardened boxes?

DavidXanatos commented 1 year ago

The registry changes should be contained within the box; did you observe otherwise? In the case of this specific browser bug, it seems it arises when allowing communication with an unsandboxed Windows component. Try removing Template=OpenWinInetCache from [DefaultTemplates] in the templates.ini.

bastik-1001 commented 1 year ago

> did you observe otherwise?

No, I did not. My comment was based on the ClosedClsid={00021401-0000-0000-C000-000000000046} being suggested as a possible workaround.

offhub commented 1 year ago

This can also be used as a workaround.

NormalIpcPath=\RPC Control\webcache_*

isaak654 commented 1 year ago

Considering the OpenWinInetCache template:

https://github.com/sandboxie-plus/Sandboxie/blob/169344d5ae410e5d912b4abbe0483ff13d4ec717/Sandboxie/install/Templates.ini#L462-L470
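Added example, not part of the thread and not Sandboxie project code: a small checker that reports, for one box, whether the default OpenWinInetCache template is still enabled and whether either workaround line quoted above is present. It assumes `[Section]` headers with repeatable `Key=Value` lines, `#` comment lines, case-insensitive names, and that the workaround lines sit in the box's own section; the sample ini text and the `audit` and `parse_ini` names are constructed for illustration.

```python
import re

# Values quoted in the thread above.
TEMPLATE = "OpenWinInetCache"
WORKAROUND_CLSID = "{00021401-0000-0000-C000-000000000046}"
WORKAROUND_IPC = r"\RPC Control\webcache_*"

# Constructed sample input (already decoded to text), not real configuration.
SAMPLE_TEMPLATES = "[DefaultTemplates]\nTemplate=OpenWinInetCache\n"
SAMPLE_SANDBOXIE = r"""[DefaultBox]
Enabled=y
NormalIpcPath=\RPC Control\webcache_*
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys
    (configparser would reject or collapse them)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).casefold(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().casefold(), value.strip()))
    return sections

def has(settings, key, value):
    """True if the section holds key=value (case-insensitive match)."""
    return any(k == key.casefold() and v.casefold() == value.casefold()
               for k, v in settings)

def audit(templates_ini, sandboxie_ini, box):
    """Report which of the thread's three suggestions apply to `box`."""
    defaults = parse_ini(templates_ini).get("defaulttemplates", [])
    box_cfg = parse_ini(sandboxie_ini).get(box.casefold(), [])
    report = {
        "default_template_enabled": has(defaults, "Template", TEMPLATE),
        "closed_clsid": has(box_cfg, "ClosedClsid", WORKAROUND_CLSID),
        "normal_ipc_path": has(box_cfg, "NormalIpcPath", WORKAROUND_IPC),
    }
    report["any_thread_workaround_present"] = (
        not report["default_template_enabled"]
        or report["closed_clsid"] or report["normal_ipc_path"])
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_TEMPLATES, SAMPLE_SANDBOXIE, "DefaultBox"))
```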