sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

When deleting a registry entry, no deletion mark was made for the values on the right side. #4149

Open pangshangji opened 3 months ago

pangshangji commented 3 months ago

Describe what you noticed and did

  1. reg add HKCU\123
     The operation completed successfully.

  2. reg add HKCU\123 /v myint /t REG_DWORD /d 12345
     The operation completed successfully.

  3. reg query HKCU\123
     HKEY_CURRENT_USER\123
         (Default)    REG_SZ
         myint    REG_DWORD    0x3039

  4. reg delete HKCU\123
     The operation completed successfully.

  5. reg add HKCU\123
     Value exists, overwrite(Yes/No)? y
     The operation completed successfully.

  6. reg query HKCU\123
     HKEY_CURRENT_USER\123
         (Default)    REG_SZ
         myint    REG_DWORD    0x3039

After creating a new entry in step five, when executing the command to query the registry in step six, the value of 'value' can still be retrieved.

How often did you encounter it so far?

every

Expected behavior

It is expected that when deleting an entry, a deletion mark is written for the 'value' on the right side. The next time this entry is created, only the 'Default' value will be present under it, without the 'myint' value.

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

Sandboxie Plus v1.14.6

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

What is your Windows edition and version?

Windows 10 22H2 64 bit

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Microsoft Defender Antivirus

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

No response

offhub commented 3 months ago

Sandboxie's new filesystem and registry virtualization scheme can be enabled by adding UseFileDeleteV2=y and UseRegDeleteV2=y to the Sandboxie.ini, which changes the mechanism of how host files/keys are marked within the sandbox as deleted.

See https://sandboxie-plus.github.io/sandboxie-docs/Content/Delete-V2/


pangshangji commented 3 months ago

I tested the yellow box, and after setting UseRegDeleteV2=y, the aforementioned error did not occur. The deletion records of registry entries are now stored in RegPaths.dat.

Could this introduce new issues? Specifically, if a registry entry with the same name is created again within the sandbox, it will not be able to access the values under the corresponding registry entry outside the sandbox, even if new values are added to the registry entry outside the sandbox.

pangshangji commented 3 months ago

If a path is added to the RegPaths.dat or FilePaths.dat files, will it be permanently inaccessible from within the sandbox after recreating the entry or folder? Is there a specific moment when the entry or folder path would be removed from the RegPaths.dat or FilePaths.dat files?

offhub commented 3 months ago

> If a path is added to the RegPaths.dat or FilePaths.dat files, will it be permanently inaccessible from within the sandbox after recreating the entry or folder?

Yes, you will no longer be able to access it.

> Is there a specific moment when the entry or folder path would be removed from the RegPaths.dat or FilePaths.dat files?

No, only when the sandbox content is deleted.

You can remove it manually if absolutely necessary, or you will need to use OpenXXX directives and access the data directly on the host system.

DavidXanatos commented 3 months ago

The idea is that once you "delete" something on the host from within the box it ought to stay "deleted", no matter what happens on the host. So the behavior is intentional and will stay this way.

That said, perhaps I should add some view where these *.dat files can be easily viewed and edited; that would improve the usability.

DavidXanatos commented 3 months ago

PS: as delete V1 is considered on its way out and delete V2 works fine, I'll mark this as not a bug, since Delete V2 can be considered a fix for the delete V1 shortcomings.

Also, in one of the upcoming builds I'll make delete V2 also the default for the default box; it's already the default for newly created boxes.