1.14.2

2024-06-11 08:59:35 +02:00 · 2024-06-11 08:59:35 +02:00 · 017291290b
parent 9d9fef6e84
commit 017291290b
4 changed files with 17 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,15 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).


+
+
+## [1.14.2 / 5.69.2] - 2024-06-??
+
+### Fixed
+- fixed security issue with the newly introduced experimental "UseCreateToken=y" machanism
+
+
+
 ## [1.14.1 / 5.69.1] - 2024-06-06

 ### Added
--- a/Sandboxie/common/my_version.h
+++ b/Sandboxie/common/my_version.h
@ -26,7 +26,7 @@

 #define VERSION_MJR		5
 #define VERSION_MIN 	69
-#define VERSION_REV 	1
+#define VERSION_REV 	2
 #define VERSION_UPD 	0

 #if VERSION_UPD > 0
--- a/Sandboxie/core/drv/token.c
+++ b/Sandboxie/core/drv/token.c
@ -2259,15 +2259,18 @@ _FX void* Token_CreateToken(void* TokenObject, PROCESS* proc)
                    continue;
                }

-                if (KeepLogonSession && (LocalGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID))
+				if ((LocalGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID)) {
+					if(!KeepLogonSession)
+						LocalGroups->Groups[i].Attributes = SE_GROUP_LOGON_ID | SE_GROUP_USE_FOR_DENY_ONLY;
 					continue;
+				}

                if (RtlEqualSid(LocalGroups->Groups[i].Sid, LocalUser->User.Sid)) {
                    if (KeepUserGroup)
                        continue;
                }

-                LocalGroups->Groups[i].Attributes = 0;
+                LocalGroups->Groups[i].Attributes = SE_GROUP_USE_FOR_DENY_ONLY;
            }
        }

--- a/SandboxiePlus/version.h
+++ b/SandboxiePlus/version.h
@ -2,7 +2,7 @@

 #define VERSION_MJR		1
 #define VERSION_MIN 	14
-#define VERSION_REV 	1
+#define VERSION_REV 	2
 #define VERSION_UPD 	0

 #ifndef STR