1.14.0
This commit is contained in:
parent
7bf2c03dea
commit
4cca2a4c0f
|
@ -161,6 +161,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
ULONG alert;
|
||||
BOOLEAN check_force;
|
||||
BOOLEAN is_start_exe;
|
||||
BOOLEAN image_sbie;
|
||||
BOOLEAN force_alert;
|
||||
BOOLEAN dfp_already_added;
|
||||
BOOLEAN same_image_name;
|
||||
|
@ -248,7 +249,7 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
// when the process is start.exe we ignore the CurDir and DocArg
|
||||
//
|
||||
|
||||
Process_IsSbieImage(ImagePath, NULL, &is_start_exe);
|
||||
Process_IsSbieImage(ImagePath, &image_sbie, &is_start_exe);
|
||||
|
||||
if ((! box) && CurDir && !is_start_exe)
|
||||
box = Process_CheckBoxPath(&boxes, CurDir);
|
||||
|
@ -284,7 +285,15 @@ _FX BOX *Process_GetForcedStartBox(
|
|||
Process_DfpInsert(PROCESS_TERMINATED, ProcessId);
|
||||
}
|
||||
|
||||
if (!box) {
|
||||
//
|
||||
// Check if the parent process has its children forced to be sandboxes
|
||||
// exempt sandboxie components from this as start.exe can be used to
|
||||
// open selected processes in other boxes or set Dfp when desired.
|
||||
//
|
||||
// we also must Excempt conhost.exe for console applications
|
||||
//
|
||||
|
||||
if (!box && !image_sbie && _wcsicmp(ImageName, L"conhost.exe") != 0) {
|
||||
|
||||
WCHAR boxname[BOXNAME_COUNT];
|
||||
|
||||
|
|
|
@ -2409,6 +2409,18 @@ MSG_HEADER *SbieIniServer::RunSbieCtrl(MSG_HEADER *msg, HANDLE idProcess, bool i
|
|||
|
||||
MSG_HEADER *SbieIniServer::RC4Crypt(MSG_HEADER *msg, HANDLE idProcess, bool isSandboxed)
|
||||
{
|
||||
//
|
||||
// The purpose of this function is to provide a simple machien bound obfuscation
|
||||
// for example to store passwords which are required in plain text.
|
||||
// To this end we use a Random 64 bit key which is generated once and stored in the registry
|
||||
// as well as the rc4 algorythm for the encryption, applying the same transformation twice
|
||||
// yealds the original plaintext, hence only one function is sufficient.
|
||||
//
|
||||
// Please note that neider the mechanism nor the use rc4 algorythm can be considdered
|
||||
// cryptographically secure by any means.
|
||||
// This mechanism is only good for simple obfuscation of non critical data.
|
||||
//
|
||||
|
||||
SBIE_INI_RC4_CRYPT_REQ *req = (SBIE_INI_RC4_CRYPT_REQ *)msg;
|
||||
if (req->h.length < sizeof(SBIE_INI_RC4_CRYPT_REQ))
|
||||
return SHORT_REPLY(STATUS_INVALID_PARAMETER);
|
||||
|
|
Loading…
Reference in New Issue