This commit is contained in:
DavidXanatos 2022-09-07 22:26:02 +02:00 committed by isaak654
parent ef57e4b158
commit 681644fe08
No known key found for this signature in database
GPG Key ID: 59D402040437EC44
6 changed files with 103 additions and 90 deletions


@ -8,14 +8,16 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.3.3 / 5.58.3] - 2022-09-?? ## [1.3.3 / 5.58.3] - 2022-09-??
### Added ### Added
- added username notation when the LogFile registry setting is applied as workaround for [#2207](https://github.com/sandboxie-plus/Sandboxie/issues/2207) - added domain\user notation when the LogFile registry setting is applied as workaround for [#2207](https://github.com/sandboxie-plus/Sandboxie/issues/2207)
-- usage: in "HKLM\SYSTEM\CurrentControlSet\Services\SbieSvc" add REG_SZ "LogFile" with "3;[path]\Sandboxie.log" -- usage: in "HKLM\SYSTEM\CurrentControlSet\Services\SbieSvc" add REG_SZ "LogFile" with "3;[path]\Sandboxie.log"
- added option to block host processes from accessing sandboxed once [#2132](https://github.com/sandboxie-plus/Sandboxie/issues/2132) - added option to block host processes from accessing sandboxed ones [#2132](https://github.com/sandboxie-plus/Sandboxie/issues/2132)
-- usage: DenyHostAccess=Program.exe,y -- usage: DenyHostAccess=Program.exe,y
- added compatybility template for ReHIPS -- note: by default, this protection only applied for write access, that is, unsandboxed processes will still be able to obtain read-only access
-- to prevent host processes from obtaining read access, ConfidentialBox=y must also be set, which require a supporter certificate
- added compatibility template for ReHIPS
### Changed ### Changed
- improved sandman settings behaviour for non admin users [#2123](https://github.com/sandboxie-plus/Sandboxie/issues/2123) - improved SandMan settings behaviour for non admin users [#2123](https://github.com/sandboxie-plus/Sandboxie/issues/2123)
### Fixed ### Fixed
- fixed issues with group moving via drag and drop - fixed issues with group moving via drag and drop
@ -25,6 +27,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed issue with default box [#2195](https://github.com/sandboxie-plus/Sandboxie/issues/2195) - fixed issue with default box [#2195](https://github.com/sandboxie-plus/Sandboxie/issues/2195)
- fixed issue with keyboard delete shortcut for process termination - fixed issue with keyboard delete shortcut for process termination
### Removed
- removed obsolete Online Armor template


@ -222,65 +222,13 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
HANDLE TargetProcessId = PsGetProcessId((PEPROCESS)PreInfo->Object); HANDLE TargetProcessId = PsGetProcessId((PEPROCESS)PreInfo->Object);
PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object; PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object;
if (!NT_SUCCESS(Thread_CheckObject_CommonEx(TargetProcessId, ProcessObject, InitialDesiredAccess, TRUE, TRUE))) { *DesiredAccess = Thread_CheckObject_CommonEx(TargetProcessId, ProcessObject, InitialDesiredAccess, TRUE, TRUE);
#ifdef DRV_BREAKOUT
//
// Check if this is a break out process
//
BOOLEAN is_breakout = FALSE;
PROCESS *proc;
PROCESS *proc2;
KIRQL irql;
proc = Process_Find(NULL, NULL);
if (proc) {
proc2 = Process_Find(TargetProcessId, &irql);
if (proc2 && Process_IsStarter(proc, proc2)) {
is_breakout = TRUE;
}
}
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
if (is_breakout) {
//
// this is a BreakoutProcess in this case we need to grant some permissions
//
*DesiredAccess = InitialDesiredAccess & (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |
/**/PROCESS_TERMINATE |
//PROCESS_CREATE_THREAD |
//PROCESS_SET_SESSIONID |
/**/PROCESS_VM_OPERATION | // needed
PROCESS_VM_READ |
/**/PROCESS_VM_WRITE | // needed
//PROCESS_DUP_HANDLE |
PROCESS_CREATE_PROCESS |
//PROCESS_SET_QUOTA |
/**/PROCESS_SET_INFORMATION | // needed
PROCESS_QUERY_INFORMATION |
/**/PROCESS_SUSPEND_RESUME | // needed
PROCESS_QUERY_LIMITED_INFORMATION |
//PROCESS_SET_LIMITED_INFORMATION |
0);
} else
#endif
*DesiredAccess = 0; // deny any access
}
//ObjectTypeName = L"PsProcessType";
} }
else if (PreInfo->ObjectType == *PsThreadType) { else if (PreInfo->ObjectType == *PsThreadType) {
HANDLE TargetProcessId = PsGetThreadProcessId ((PETHREAD)PreInfo->Object); HANDLE TargetProcessId = PsGetThreadProcessId ((PETHREAD)PreInfo->Object);
PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object); PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object);
if (!NT_SUCCESS(Thread_CheckObject_CommonEx(TargetProcessId, ProcessObject, InitialDesiredAccess, FALSE, TRUE))) { *DesiredAccess = Thread_CheckObject_CommonEx(TargetProcessId, ProcessObject, InitialDesiredAccess, FALSE, TRUE);
*DesiredAccess = 0; // deny any access
}
//ObjectTypeName = L"PsThreadType";
} }
else { else {
DbgPrint("Sbie ObCallback: unexpected object type\n"); DbgPrint("Sbie ObCallback: unexpected object type\n");
@ -288,7 +236,6 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
} }
Exit: Exit:
return OB_PREOP_SUCCESS; return OB_PREOP_SUCCESS;
} }
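Review bot: The two new assignments `*DesiredAccess = Thread_CheckObject_CommonEx(...)` (process and thread branches) store the helper's return value without intersecting it with InitialDesiredAccess, so the filter's safety now rests entirely on that helper never returning a bit the caller did not request; an ObRegisterCallbacks pre-op callback is meant to strip rights, and the helper has several return points that a later edit could widen without this site noticing. A cheap guard is `*DesiredAccess = InitialDesiredAccess & Thread_CheckObject_CommonEx(TargetProcessId, ProcessObject, InitialDesiredAccess, TRUE, TRUE);` (and the same `InitialDesiredAccess &` in the thread branch), with a one-line comment stating that the helper returns a subset of the requested mask or 0 to deny. Obj_PreOperationCallback begins before this hunk, so how the `DesiredAccess` pointer is chosen for create vs. duplicate operations is not visible here.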


@ -740,6 +740,7 @@ _FX PROCESS *Process_Create(
proc->use_privacy_mode = Conf_Get_Boolean(proc->box->name, L"UsePrivacyMode", 0, FALSE); proc->use_privacy_mode = Conf_Get_Boolean(proc->box->name, L"UsePrivacyMode", 0, FALSE);
proc->use_rule_specificity = proc->restrict_devices || proc->use_privacy_mode || Conf_Get_Boolean(proc->box->name, L"UseRuleSpecificity", 0, FALSE); proc->use_rule_specificity = proc->restrict_devices || proc->use_privacy_mode || Conf_Get_Boolean(proc->box->name, L"UseRuleSpecificity", 0, FALSE);
#endif #endif
proc->confidential_box = Conf_Get_Boolean(proc->box->name, L"ConfidentialBox", 0, FALSE);
// //
// check certificate // check certificate
@ -764,6 +765,8 @@ _FX PROCESS *Process_Create(
#endif #endif
if (proc->bAppCompartment) if (proc->bAppCompartment)
exclusive_setting = L"NoSecurityIsolation"; exclusive_setting = L"NoSecurityIsolation";
else if (proc->confidential_box)
exclusive_setting = L"ConfidentialBox";
if (exclusive_setting) { if (exclusive_setting) {
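Review bot: The added `proc->confidential_box = Conf_Get_Boolean(...)` reads the setting unconditionally before the certificate check, and Thread_CheckObject_CommonEx later trusts this flag on the target process; whether the `if (exclusive_setting)` body (outside this hunk) aborts process creation or only reports the missing supporter certificate is not visible, and if it only reports, an uncertified box would get the host read-denial for free, contrary to the changelog. A comment on that line would make the dependency explicit, e.g. `// ConfidentialBox=y also denies host read access (see Thread_CheckObject_CommonEx); presumably certificate-gated via exclusive_setting below`. Note too that with the `else if`, a box setting both NoSecurityIsolation and ConfidentialBox only reports the first, while the flag stays set either way. Process_Create starts and ends outside this hunk.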


@ -148,6 +148,7 @@ struct _PROCESS {
BOOLEAN use_rule_specificity; BOOLEAN use_rule_specificity;
BOOLEAN use_privacy_mode; BOOLEAN use_privacy_mode;
#endif #endif
BOOLEAN confidential_box;
ULONG call_trace; ULONG call_trace;
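Review bot: The new `confidential_box` member carries no comment, and its effect is only discoverable by reading Thread_CheckObject_CommonEx in another file; `BOOLEAN confidential_box; // ConfidentialBox=y: host processes are denied even read access to this box's processes and threads` would save the next reader the search. The enclosing struct _PROCESS begins and ends outside this hunk.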


@ -1135,9 +1135,9 @@ finish:
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX NTSTATUS Thread_CheckObject_CommonEx( _FX ACCESS_MASK Thread_CheckObject_CommonEx(
HANDLE pid, PEPROCESS ProcessObject, HANDLE pid, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess, ACCESS_MASK DesiredAccess, BOOLEAN EntireProcess,
BOOLEAN ExplicitAccess) BOOLEAN ExplicitAccess)
{ {
// //
@ -1146,7 +1146,7 @@ _FX NTSTATUS Thread_CheckObject_CommonEx(
HANDLE cur_pid = PsGetCurrentProcessId(); HANDLE cur_pid = PsGetCurrentProcessId();
if (pid == cur_pid) if (pid == cur_pid)
return STATUS_SUCCESS; return DesiredAccess;
// //
// Get the sandboxed process if this request comes form one // Get the sandboxed process if this request comes form one
@ -1169,33 +1169,42 @@ _FX NTSTATUS Thread_CheckObject_CommonEx(
if (proc2 && !proc2->bHostInject) { // target is sandboxed if (proc2 && !proc2->bHostInject) { // target is sandboxed
void* nbuf = 0; ACCESS_MASK WriteAccess;
ULONG nlen = 0; if (EntireProcess)
WCHAR* nptr = 0; WriteAccess = (DesiredAccess & PROCESS_DENIED_ACCESS_MASK);
Process_GetProcessName(proc2->pool, (ULONG_PTR)cur_pid, &nbuf, &nlen, &nptr); else
if (nbuf) { WriteAccess = (DesiredAccess & THREAD_DENIED_ACCESS_MASK);
protect_process = Process_GetConfEx_bool(proc2->box, nptr, L"DenyHostAccess", FALSE); if (WriteAccess || proc2->confidential_box) {
// void* nbuf = 0;
// in case use specified wildcard "*" always grant access to sbiesvc.exe and csrss.exe ULONG nlen = 0;
// and a few others WCHAR* nptr = 0;
// Process_GetProcessName(proc2->pool, (ULONG_PTR)cur_pid, &nbuf, &nlen, &nptr);
if (nbuf) {
if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) { protect_process = Process_GetConfEx_bool(proc2->box, nptr, L"DenyHostAccess", FALSE);
if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || (_wcsicmp(nptr, L"csrss.exe") == 0)
|| (_wcsicmp(nptr, L"conhost.exe") == 0) //
|| (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)) // in case use specified wildcard "*" always grant access to sbiesvc.exe and csrss.exe
protect_process = FALSE; // and a few others
//
if (protect_process /*&& MyIsProcessRunningAsSystemAccount(cur_pid)*/) {
if ((_wcsicmp(nptr, SBIESVC_EXE) == 0) || (_wcsicmp(nptr, L"csrss.exe") == 0)
|| (_wcsicmp(nptr, L"conhost.exe") == 0)
|| (_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0))
protect_process = FALSE;
}
if (protect_process) {
WCHAR msg_str[256];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Protect boxed processes %s (%d) from %s (%d) requesting 0x%08X", proc2->image_name, (ULONG)pid, nptr, (ULONG)cur_pid, DesiredAccess);
Session_MonitorPut(MONITOR_IMAGE | MONITOR_TRACE, msg_str, pid);
}
Mem_Free(nbuf, nlen);
} }
if (protect_process) {
WCHAR msg_str[256];
RtlStringCbPrintfW(msg_str, sizeof(msg_str), L"Protect boxed processes %s (%d) from %s (%d)", proc2->image_name, (ULONG)pid, nptr, (ULONG)cur_pid);
Session_MonitorPut(MONITOR_IMAGE | MONITOR_TRACE, msg_str, PsGetCurrentProcessId());
}
Mem_Free(nbuf, nlen);
} }
} }
@ -1203,7 +1212,7 @@ _FX NTSTATUS Thread_CheckObject_CommonEx(
KeLowerIrql(irql); KeLowerIrql(irql);
if (protect_process) if (protect_process)
return STATUS_ACCESS_DENIED; return 0; // deny access
} }
// //
@ -1211,9 +1220,58 @@ _FX NTSTATUS Thread_CheckObject_CommonEx(
// //
if (!proc || (proc == PROCESS_TERMINATED) || proc->bHostInject || proc->disable_object_flt) if (!proc || (proc == PROCESS_TERMINATED) || proc->bHostInject || proc->disable_object_flt)
return STATUS_SUCCESS; return DesiredAccess;
return Thread_CheckObject_Common(proc, ProcessObject, GrantedAccess, EntireProcess, ExplicitAccess); if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, DesiredAccess, EntireProcess, ExplicitAccess))) {
#ifdef DRV_BREAKOUT
if (EntireProcess) {
//
// Check if this is a break out process
//
BOOLEAN is_breakout = FALSE;
PROCESS* proc2;
KIRQL irql;
proc2 = Process_Find(pid, &irql);
if (proc2 && Process_IsStarter(proc, proc2)) {
is_breakout = TRUE;
}
ExReleaseResourceLite(Process_ListLock);
KeLowerIrql(irql);
if (is_breakout) {
//
// this is a BreakoutProcess in this case we need to grant some permissions
//
return DesiredAccess & (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE |
/**/PROCESS_TERMINATE |
//PROCESS_CREATE_THREAD |
//PROCESS_SET_SESSIONID |
/**/PROCESS_VM_OPERATION | // needed
PROCESS_VM_READ |
/**/PROCESS_VM_WRITE | // needed
//PROCESS_DUP_HANDLE |
PROCESS_CREATE_PROCESS |
//PROCESS_SET_QUOTA |
/**/PROCESS_SET_INFORMATION | // needed
PROCESS_QUERY_INFORMATION |
/**/PROCESS_SUSPEND_RESUME | // needed
PROCESS_QUERY_LIMITED_INFORMATION |
//PROCESS_SET_LIMITED_INFORMATION |
0);
}
}
#endif
return 0;
}
return DesiredAccess;
} }
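Review bot: The image-name allowlist inside the `protect_process` check (sbiesvc.exe, csrss.exe, conhost.exe, taskmgr.exe, sandman.exe) also bypasses the new confidential_box read denial, and it matches only the basename returned by Process_GetProcessName while the system-account check beside it is still commented out, so a host process simply renamed to taskmgr.exe keeps PROCESS_VM_READ/PROCESS_VM_WRITE on a "confidential" box. That exemption predates this commit, but ConfidentialBox now rests on it; at minimum the interactive tools should not be exempt for confidential boxes, e.g. `|| (!proc2->confidential_box && ((_wcsicmp(nptr, L"taskmgr.exe") == 0) || (_wcsicmp(nptr, L"sandman.exe") == 0)))`, and a full-path or signer check rather than a basename would be the real fix. Two smaller points: the `if (WriteAccess || proc2->confidential_box)` gate deserves a comment that ConfidentialBox only widens the trigger and still requires DenyHostAccess for the target, since alone it protects nothing; and a denied request is answered with `return 0` (every right stripped) even when it mixed read and write bits, which is stricter than the changelog's "read-only access is still possible" — if stripping only the denied bits is intended, the mask has to be carried past the lock release. The function body is cut by the hunk gaps, so the lookups that produce `proc` and the first `proc2` are not visible here.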


@ -99,9 +99,9 @@ NTSTATUS Thread_CheckObject_Common(
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess, ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess,
BOOLEAN ExplicitAccess); BOOLEAN ExplicitAccess);
NTSTATUS Thread_CheckObject_CommonEx( ACCESS_MASK Thread_CheckObject_CommonEx(
HANDLE pid, PEPROCESS ProcessObject, HANDLE pid, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess, ACCESS_MASK DesiredAccess, BOOLEAN EntireProcess,
BOOLEAN ExplicitAccess); BOOLEAN ExplicitAccess);
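Review bot: Changing Thread_CheckObject_CommonEx from NTSTATUS to ACCESS_MASK is source-compatible with the old call pattern `if (!NT_SUCCESS(Thread_CheckObject_CommonEx(...)))`, because NT_SUCCESS only tests the sign bit and a returned 0 (deny) reads as success; any caller other than the two updated in obj.c would keep compiling and silently treat a denial as a grant. The diffstat lists six files, so if another translation unit calls this function it was not touched here — worth a grep, and a comment on the prototype such as `// returns the subset of DesiredAccess that may be granted, or 0 to deny (not an NTSTATUS)`. Renaming the function (e.g. Thread_FilterObjectAccess) would turn any stale caller into a compile error instead of a silent bypass.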
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------