This commit is contained in:
DavidXanatos 2024-11-15 08:58:45 +01:00
parent b5e74019e3
commit 10f22fec92
4 changed files with 83 additions and 65 deletions


@ -13,6 +13,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added "Description" field inside the sandbox settings [#4243](https://github.com/sandboxie-plus/Sandboxie/issues/4243) - added "Description" field inside the sandbox settings [#4243](https://github.com/sandboxie-plus/Sandboxie/issues/4243)
- added "NotifyMsiInstaller=y" enabled by default to display message SBIE2194 when an MSI installer is run in a box without the recommended exemptions [#4330](https://github.com/sandboxie-plus/Sandboxie/issues/4330) - added "NotifyMsiInstaller=y" enabled by default to display message SBIE2194 when an MSI installer is run in a box without the recommended exemptions [#4330](https://github.com/sandboxie-plus/Sandboxie/issues/4330)
- SBIE2194: MSI installer requires 'MsiInstallerExemptions=y' option to be set in the ini to be able to work correctly, however this option weakens the isolation. - SBIE2194: MSI installer requires 'MsiInstallerExemptions=y' option to be set in the ini to be able to work correctly, however this option weakens the isolation.
- added option to hide installed programs [#4139](https://github.com/sandboxie-plus/Sandboxie/issues/4139)
### Fixed ### Fixed
- fixed Sign the .tmp file that gets dropped when installing or updating Sandboxie Plus [#2643](https://github.com/sandboxie-plus/Sandboxie/issues/2643) - fixed Sign the .tmp file that gets dropped when installing or updating Sandboxie Plus [#2643](https://github.com/sandboxie-plus/Sandboxie/issues/2643)


@ -598,6 +598,10 @@ BreakoutDocumentProcess=explorer.exe,y
# block VMNet0 virtual network configuration (issue 1102) # block VMNet0 virtual network configuration (issue 1102)
ClosedFilePath=vmnetcfg.exe,\Device\VMnetUserif ClosedFilePath=vmnetcfg.exe,\Device\VMnetUserif
[Template_HideInstalledPrograms]
# hide uninstall key
WriteKeyPath=*\Software*\Microsoft\Windows\CurrentVersion\Uninstall\*
# #
# Internet Explorer # Internet Explorer
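Review bot: The comment `# hide uninstall key` on the new [Template_HideInstalledPrograms] section understates what the rule does and leaves out its limits. As far as the hunk shows, the template holds a single WriteKeyPath rule on the Uninstall keys, while the changelog entry calls the feature "hide installed programs". A user reading only the changelog could treat it as a broader privacy control than one registry rule provides. I would expand the comment to something like `# make the host Uninstall keys write-only for the box; program files, folders and other registry locations stay visible`. The wildcards in `*\Software*\...` presumably exist to cover both user and machine hives and the 32-bit view; a short note saying so would help the next maintainer judge whether the pattern is wider than intended.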


@ -45,7 +45,7 @@
<enum>QTabWidget::North</enum> <enum>QTabWidget::North</enum>
</property> </property>
<property name="currentIndex"> <property name="currentIndex">
<number>0</number> <number>10</number>
</property> </property>
<widget class="QWidget" name="tabGeneral"> <widget class="QWidget" name="tabGeneral">
<attribute name="title"> <attribute name="title">
@ -4885,46 +4885,6 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
<string>Processes</string> <string>Processes</string>
</attribute> </attribute>
<layout class="QGridLayout" name="gridLayout_86"> <layout class="QGridLayout" name="gridLayout_86">
<item row="2" column="1">
<widget class="QCheckBox" name="chkHideNonSystemProcesses">
<property name="text">
<string>Don't allow sandboxed processes to see processes running outside any boxes</string>
</property>
</widget>
</item>
<item row="5" column="2">
<spacer name="verticalSpacer_16">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="2">
<widget class="QPushButton" name="btnDelProcess">
<property name="text">
<string>Remove</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblProcessHiding">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Process Hiding</string>
</property>
</widget>
</item>
<item row="6" column="2"> <item row="6" column="2">
<widget class="QCheckBox" name="chkShowHiddenProcTmpl"> <widget class="QCheckBox" name="chkShowHiddenProcTmpl">
<property name="text"> <property name="text">
@ -4932,27 +4892,13 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
</property> </property>
</widget> </widget>
</item> </item>
<item row="4" column="2"> <item row="8" column="0" colspan="2">
<widget class="QPushButton" name="btnAddProcess"> <widget class="QCheckBox" name="chkBlockWMI">
<property name="text"> <property name="toolTip">
<string>Add Process</string> <string>Some programs read system details through WMI (a Windows built-in database) instead of normal ways. For example, &quot;tasklist.exe&quot; could get full processes list through accessing WMI, even if &quot;HideOtherBoxes&quot; is used. Enable this option to stop this behaviour.</string>
</property> </property>
</widget>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="chkHideOtherBoxes">
<property name="text"> <property name="text">
<string>Don't allow sandboxed processes to see processes running in other boxes</string> <string>Prevent sandboxed processes from accessing system details through WMI (see tooltip for more info)</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QLabel" name="label_24">
<property name="text">
<string>Hide host processes from processes running in the sandbox.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property> </property>
</widget> </widget>
</item> </item>
@ -4979,13 +4925,77 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
</column> </column>
</widget> </widget>
</item> </item>
<item row="8" column="0" colspan="2"> <item row="2" column="1">
<widget class="QCheckBox" name="chkBlockWMI"> <widget class="QCheckBox" name="chkHideNonSystemProcesses">
<property name="toolTip"> <property name="text">
<string>Some programs read system details through WMI (a Windows built-in database) instead of normal ways. For example, &quot;tasklist.exe&quot; could get full processes list through accessing WMI, even if &quot;HideOtherBoxes&quot; is used. Enable this option to stop this behaviour.</string> <string>Don't allow sandboxed processes to see processes running outside any boxes</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblProcessHiding">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property> </property>
<property name="text"> <property name="text">
<string>Prevent sandboxed processes from accessing system details through WMI (see tooltip for more info)</string> <string>Process Hiding</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QLabel" name="label_24">
<property name="text">
<string>Hide host processes from processes running in the sandbox.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="5" column="2">
<spacer name="verticalSpacer_16">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="chkHideOtherBoxes">
<property name="text">
<string>Don't allow sandboxed processes to see processes running in other boxes</string>
</property>
</widget>
</item>
<item row="7" column="2">
<widget class="QPushButton" name="btnDelProcess">
<property name="text">
<string>Remove</string>
</property>
</widget>
</item>
<item row="4" column="2">
<widget class="QPushButton" name="btnAddProcess">
<property name="text">
<string>Add Process</string>
</property>
</widget>
</item>
<item row="9" column="0" colspan="2">
<widget class="QCheckBox" name="chkHideHostApps">
<property name="toolTip">
<string>This option hides the registry path *Software*MicrosoftWindowsCurrentVersionUninstall*, allowing software installed on the host to be reinstalled in the sandbox. However, it does not hide software-specific files and folders. If the installer still encounters issues, you will need to define custom WriteFilePath entries to hide the relevant files on disk.</string>
</property>
<property name="text">
<string>Hide the host software uninstall key (see tool tip)</string>
</property> </property>
</widget> </widget>
</item> </item>
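Review bot: The first hunk changes the tab widget's `currentIndex` from 0 to 10, which looks like a Qt Designer leftover rather than part of the feature. Unless the code selects a tab explicitly, the options dialog would open on the eleventh tab, so I would restore `<number>0</number>`. Separately, the new chkHideHostApps tooltip prints the path as `*Software*MicrosoftWindowsCurrentVersionUninstall*`, without the backslashes used by the template rule, so a user cannot match it against the ini entry. Its label also says "tool tip" where the chkBlockWMI label says "tooltip". Most of the remaining lines only reorder existing grid items, which hides the one real addition.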


@ -16,6 +16,7 @@ void COptionsWindow::CreateAccess()
connect(ui.chkPrivacy, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx())); connect(ui.chkPrivacy, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkUseSpecificity, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx())); connect(ui.chkUseSpecificity, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkBlockWMI, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx())); connect(ui.chkBlockWMI, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkHideHostApps, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx())); connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkNoOpenForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx())); connect(ui.chkNoOpenForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
// //
@ -163,6 +164,7 @@ void COptionsWindow::LoadAccessList()
ui.chkPrivacy->setChecked(m_pBox->GetBool("UsePrivacyMode", false)); ui.chkPrivacy->setChecked(m_pBox->GetBool("UsePrivacyMode", false));
ui.chkUseSpecificity->setChecked(m_pBox->GetBool("UseRuleSpecificity", false)); ui.chkUseSpecificity->setChecked(m_pBox->GetBool("UseRuleSpecificity", false));
ui.chkBlockWMI->setChecked(m_BoxTemplates.contains("BlockAccessWMI")); ui.chkBlockWMI->setChecked(m_BoxTemplates.contains("BlockAccessWMI"));
ui.chkHideHostApps->setChecked(m_BoxTemplates.contains("HideInstalledPrograms"));
ui.chkCloseForBox->setChecked(m_pBox->GetBool("AlwaysCloseForBoxed", true)); ui.chkCloseForBox->setChecked(m_pBox->GetBool("AlwaysCloseForBoxed", true));
ui.chkNoOpenForBox->setChecked(m_pBox->GetBool("DontOpenForBoxed", true)); ui.chkNoOpenForBox->setChecked(m_pBox->GetBool("DontOpenForBoxed", true));
@ -702,6 +704,7 @@ void COptionsWindow::SaveAccessList()
WriteAdvancedCheck(ui.chkPrivacy, "UsePrivacyMode", "y", ""); WriteAdvancedCheck(ui.chkPrivacy, "UsePrivacyMode", "y", "");
WriteAdvancedCheck(ui.chkUseSpecificity, "UseRuleSpecificity", "y", ""); WriteAdvancedCheck(ui.chkUseSpecificity, "UseRuleSpecificity", "y", "");
SetTemplate("BlockAccessWMI", ui.chkBlockWMI->isChecked()); SetTemplate("BlockAccessWMI", ui.chkBlockWMI->isChecked());
SetTemplate("HideInstalledPrograms", ui.chkHideHostApps->isChecked());
WriteAdvancedCheck(ui.chkCloseForBox, "AlwaysCloseForBoxed", "", "n"); WriteAdvancedCheck(ui.chkCloseForBox, "AlwaysCloseForBoxed", "", "n");
WriteAdvancedCheck(ui.chkNoOpenForBox, "DontOpenForBoxed", "", "n"); WriteAdvancedCheck(ui.chkNoOpenForBox, "DontOpenForBoxed", "", "n");
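Review bot: The new checkbox is named `chkHideHostApps` while the template it toggles is `HideInstalledPrograms`, so the control and the setting cannot be found with one search, unlike `chkBlockWMI` and `BlockAccessWMI` beside it. This applies to all three hunks, in CreateAccess, LoadAccessList and SaveAccessList, whose bodies continue outside the hunks. Either rename the widget to match, or add a comment above the SetTemplate call such as `// Template_HideInstalledPrograms: write-only rule on the Uninstall registry keys (Templates.ini)`. The comment would also tell a reader that this option changes registry visibility for the box rather than writing a plain boolean setting.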