1.0.6
This commit is contained in:
parent
8a2e8435a7
commit
4d3648ba9c
|
@ -19,7 +19,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Fixed
|
||||
- fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469)
|
||||
- fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471)
|
||||
- fixed access issues in privacy enhanced boxes
|
||||
- fixed variouse issues in privacy enhanced boxes and rule specificity
|
||||
- fixed issue with SeAccessCheckByType
|
||||
|
||||
### Removed
|
||||
- removed obsolete SkyNetRootKit detection from 32 bit build
|
||||
|
|
|
@ -543,15 +543,22 @@ _FX BOOLEAN Com_IsClosedClsid(REFCLSID rclsid)
|
|||
0x66, 0xf7, 0xe1, 0x1b, 0x36, 0x55, 0xd1, 0x11,
|
||||
0xb7, 0x26, 0x00, 0xc0, 0x4f, 0xb9, 0x26, 0xaf };
|
||||
|
||||
if (memcmp(rclsid, EventSystem, 16) == 0)
|
||||
return TRUE;
|
||||
// moved to templates.ini
|
||||
//static const UCHAR PinToStartScreen[16] = { // {470C0EBD-5D73-4D58-9CED-E91E22E23282}
|
||||
// 0xbd, 0x0e, 0x0c, 0x47, 0x73, 0x5d, 0x58, 0x4d,
|
||||
// 0x9c, 0xed, 0xe9, 0x1e, 0x22, 0xe2, 0x32, 0x82
|
||||
//};
|
||||
|
||||
if (memcmp(rclsid, EventSystemTier2, 16) == 0)
|
||||
return TRUE;
|
||||
static const UCHAR* ClosedIDs[] = { EventSystem, EventSystemTier2/*, PinToStartScreen*/ };
|
||||
|
||||
ULONG index;
|
||||
GUID* guid;
|
||||
|
||||
for (index = 0; index < ARRAYSIZE(ClosedIDs); ++index) {
|
||||
if (memcmp(rclsid, ClosedIDs[index], 16) == 0)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
//
|
||||
// initialize list of user-configured CLSID blocks
|
||||
// Note: the service threads everythign not explicitly open as closed anyways
|
||||
|
|
|
@ -1906,7 +1906,7 @@ _FX UINT Proc_WinExec(LPCSTR lpCmdLine, UINT uCmdShow)
|
|||
|
||||
memzero(&pi, sizeof(PROCESS_INFORMATION));
|
||||
|
||||
ok = CreateProcessA(
|
||||
ok = CreateProcessA(
|
||||
NULL, (char *)lpCmdLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
|
||||
|
||||
if (ok) {
|
||||
|
|
|
@ -921,10 +921,13 @@ RPC_STATUS RPC_ENTRY RpcRt_RpcStringBindingComposeW(TCHAR *ObjUuid,TCHAR *ProtSe
|
|||
Scm_Start_Sppsvc();
|
||||
}
|
||||
// we must block this in Win 10 to prevent r-click context menu hang in Explorer
|
||||
else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
|
||||
{
|
||||
return STATUS_ACCESS_DENIED;
|
||||
}
|
||||
// note: this breaks otehr things but we need it,
|
||||
// so instead we block the {470C0EBD-5D73-4D58-9CED-E91E22E23282} Pin To Start Screen verb handler;
|
||||
// inside Com_CoCreateInstance
|
||||
//else if (ObjUuid && (!_wcsicmp(ObjUuid, UUID_UserMgrCli)))
|
||||
//{
|
||||
// return STATUS_ACCESS_DENIED;
|
||||
//}
|
||||
return __sys_RpcStringBindingComposeW(ObjUuid,ProtSeq,NetworkAddr,EndPoint,Options,StringBinding);
|
||||
}
|
||||
|
||||
|
|
|
@ -887,7 +887,7 @@ _FX NTSTATUS Secure_NtSetSecurityObject(
|
|||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
_FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal)
|
||||
_FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal, BOOLEAN bImpersonate)
|
||||
{
|
||||
if (Dll_OsBuild < 9600) // this magic values are available only from windows 8.1 onwards
|
||||
return;
|
||||
|
@ -898,18 +898,44 @@ _FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal)
|
|||
// OriginalToken END
|
||||
|
||||
if ((LONG_PTR)token == LDR_TOKEN_PRIMARY) {
|
||||
NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, hTokenReal);
|
||||
NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
|
||||
}
|
||||
else if ((LONG_PTR)token == LDR_TOKEN_IMPERSONATION) {
|
||||
NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
|
||||
NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
|
||||
}
|
||||
else if ((LONG_PTR)token <= LDR_TOKEN_EFFECTIVE) {
|
||||
NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
|
||||
if (!hTokenReal) {
|
||||
NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY, hTokenReal);
|
||||
NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
|
||||
if (*hTokenReal == NULL) {
|
||||
NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// SeAccessCheckByType requires the token to eider be
|
||||
// an impersonation token of level SecurityIdentification or higher
|
||||
// or a pseudo handle, hence we have to convert the token here
|
||||
//
|
||||
|
||||
if (bImpersonate && *hTokenReal != NULL) {
|
||||
|
||||
HANDLE hTokenRealImp = NULL;
|
||||
OBJECT_ATTRIBUTES objattrs;
|
||||
SECURITY_QUALITY_OF_SERVICE QoS;
|
||||
|
||||
InitializeObjectAttributes(&objattrs, NULL, 0, NULL, NULL);
|
||||
QoS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
|
||||
QoS.ImpersonationLevel = SecurityImpersonation;
|
||||
QoS.ContextTrackingMode = SECURITY_STATIC_TRACKING;
|
||||
QoS.EffectiveOnly = FALSE;
|
||||
objattrs.SecurityQualityOfService = &QoS;
|
||||
|
||||
if (NT_SUCCESS(NtDuplicateToken(*hTokenReal, MAXIMUM_ALLOWED, &objattrs, FALSE, TokenImpersonation, &hTokenRealImp))) {
|
||||
|
||||
NtClose(*hTokenReal);
|
||||
|
||||
*hTokenReal = hTokenRealImp;
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
_FX NTSTATUS Ldr_NtQueryInformationToken(
|
||||
|
@ -924,7 +950,7 @@ _FX NTSTATUS Ldr_NtQueryInformationToken(
|
|||
HANDLE hTokenReal = NULL;
|
||||
BOOLEAN FakeAdmin = FALSE;
|
||||
|
||||
Ldr_TestToken(TokenHandle, &hTokenReal);
|
||||
Ldr_TestToken(TokenHandle, &hTokenReal, FALSE);
|
||||
|
||||
status = __sys_NtQueryInformationToken(
|
||||
hTokenReal ? hTokenReal : TokenHandle, TokenInformationClass,
|
||||
|
@ -1024,7 +1050,7 @@ _FX NTSTATUS Ldr_NtQuerySecurityAttributesToken(HANDLE TokenHandle, PUNICODE_STR
|
|||
NTSTATUS status = 0;
|
||||
HANDLE hTokenReal = NULL;
|
||||
|
||||
Ldr_TestToken(TokenHandle, &hTokenReal);
|
||||
Ldr_TestToken(TokenHandle, &hTokenReal, FALSE);
|
||||
|
||||
status = __sys_NtQuerySecurityAttributesToken(hTokenReal ? hTokenReal : TokenHandle, Attributes, NumberOfAttributes, Buffer, Length, ReturnLength);
|
||||
|
||||
|
@ -1034,6 +1060,7 @@ _FX NTSTATUS Ldr_NtQuerySecurityAttributesToken(HANDLE TokenHandle, PUNICODE_STR
|
|||
return status;
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS Ldr_NtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID PrincipalSelfSid, HANDLE ClientToken, ACCESS_MASK DesiredAccess, POBJECT_TYPE_LIST ObjectTypeList, ULONG ObjectTypeListLength, PGENERIC_MAPPING GenericMapping, PPRIVILEGE_SET PrivilegeSet, PULONG PrivilegeSetLength, PACCESS_MASK GrantedAccess, PNTSTATUS AccessStatus)
|
||||
{
|
||||
NTSTATUS rc;
|
||||
|
@ -1047,8 +1074,8 @@ NTSTATUS Ldr_NtAccessCheckByType(PSECURITY_DESCRIPTOR SecurityDescriptor, PSID P
|
|||
SetLastError(0);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
Ldr_TestToken(ClientToken, &hTokenReal);
|
||||
|
||||
Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
|
||||
|
||||
rc = __sys_NtAccessCheckByType(SecurityDescriptor, PrincipalSelfSid, hTokenReal ? hTokenReal : ClientToken, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus);
|
||||
|
||||
|
@ -1065,7 +1092,7 @@ _FX NTSTATUS Ldr_NtAccessCheck(PSECURITY_DESCRIPTOR SecurityDescriptor, HANDLE C
|
|||
NTSTATUS status = 0;
|
||||
HANDLE hTokenReal = NULL;
|
||||
|
||||
Ldr_TestToken(ClientToken, &hTokenReal);
|
||||
Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
|
||||
|
||||
status = __sys_NtAccessCheck(SecurityDescriptor, hTokenReal ? hTokenReal : ClientToken, DesiredAccess, GenericMapping, RequiredPrivilegesBuffer, BufferLength, GrantedAccess, AccessStatus);
|
||||
|
||||
|
@ -1080,7 +1107,7 @@ _FX NTSTATUS Ldr_NtAccessCheckByTypeResultList(PSECURITY_DESCRIPTOR SecurityDesc
|
|||
NTSTATUS status = 0;
|
||||
HANDLE hTokenReal = NULL;
|
||||
|
||||
Ldr_TestToken(ClientToken, &hTokenReal);
|
||||
Ldr_TestToken(ClientToken, &hTokenReal, TRUE);
|
||||
|
||||
status = __sys_NtAccessCheckByTypeResultList(SecurityDescriptor, PrincipalSelfSid, ClientToken, DesiredAccess, ObjectTypeList, ObjectTypeListLength, GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, AccessStatus);
|
||||
|
||||
|
|
|
@ -165,6 +165,8 @@ ClosedClsid={4991D34B-80A1-4291-83B6-3328366B9097}
|
|||
[Template_WindowsExplorer]
|
||||
# make search box wait
|
||||
ClosedClsid={C2F03A33-21F5-47FA-B4BB-156362A2F239}
|
||||
# makes context menu hang
|
||||
ClosedClsid={470C0EBD-5D73-4D58-9CED-E91E22E23282}
|
||||
|
||||
[Template_ThirdPartyIsolation]
|
||||
# close VMNet0 virtual network
|
||||
|
|
Loading…
Reference in New Issue