This commit is contained in:
DavidXanatos 2023-02-15 15:23:28 +01:00
parent a6d637cf25
commit 6c610184d6
7 changed files with 80 additions and 15 deletions


@ -13,6 +13,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Run menu now supports folders, to be used by entering foldername1\foldername2\entryname in the name column of the UI
- added a tray indicator for pending updates
- added virtualization for CreateDirectoryObject(Ex) and OpenDirectoryObject (improves security, prevents name squatting)
-- note: this can be disabled using 'NtNamespaceIsolation=n'
### Changed
- 'OpenProtectedStorage=y' has been replaced with a template


@ -348,6 +348,8 @@ const WCHAR *Ipc_SandboxieRpcSs = SANDBOXIE L"RpcSs.exe";
const WCHAR *Ipc_epmapper = L"\\RPC Control\\epmapper";
const WCHAR *Ipc_actkernel = L"\\RPC Control\\actkernel";
BOOLEAN ipc_namespace_isoaltion;
extern const WCHAR *File_BQQB;
LIST Ipc_DynamicPortNames;
@ -386,6 +388,8 @@ _FX BOOLEAN Ipc_Init(void)
SbieDll_MatchPath(L'i', (const WCHAR *)-1);
ipc_namespace_isoaltion = SbieApi_QueryConfBool(NULL, L"NtNamespaceIsolation", TRUE);
//
// intercept NTDLL entry points
//
@ -3551,15 +3555,18 @@ _FX NTSTATUS Ipc_NtOpenSymbolicLinkObject(
if(NT_SUCCESS(status))
__leave;
//if (status == STATUS_OBJECT_PATH_NOT_FOUND) {
//
// status = Ipc_CreatePath(TruePath, CopyPath);
//
// if (NT_SUCCESS(status))
// status = STATUS_OBJECT_NAME_NOT_FOUND;
//}
//
//__leave;
if (status == STATUS_OBJECT_PATH_NOT_FOUND || status == STATUS_OBJECT_NAME_NOT_FOUND) {
ACCESS_MASK PermissibleAccess = READ_CONTROL | SYMBOLIC_LINK_QUERY;
if (DesiredAccess == MAXIMUM_ALLOWED)
DesiredAccess = PermissibleAccess;
else
DesiredAccess &= PermissibleAccess;
goto OpenTruePath;
}
__leave;
//
// try the TruePath
@ -3893,7 +3900,13 @@ _FX NTSTATUS Ipc_NtOpenDirectoryObject(
// a sandboxed Directory will be created and the object created within it
//
DesiredAccess &= ~(DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY);
if (ipc_namespace_isoaltion) {
ACCESS_MASK PermissibleAccess = READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE;
if (DesiredAccess == MAXIMUM_ALLOWED)
DesiredAccess = PermissibleAccess;
else
DesiredAccess &= PermissibleAccess;
}
goto OpenTruePath;
}
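Review bot: Masking with `DesiredAccess &= PermissibleAccess` in the new Ipc_NtOpenSymbolicLinkObject branch (and the matching block in Ipc_NtOpenDirectoryObject) clears GENERIC_READ / GENERIC_EXECUTE outright, because the generic bits do not overlap READ_CONTROL | SYMBOLIC_LINK_QUERY (or READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE), so a caller that asked for GENERIC_READ is sent to the true path with a DesiredAccess of 0 rather than a read-only one; whether that still yields a usable handle is not visible here. Consider resolving generic bits first with `RtlMapGenericMask` and the object type's generic mapping, or treating any GENERIC_* bit the same way as MAXIMUM_ALLOWED. The same pattern appears in the Syscall_OpenHandle hunk of the driver's syscall.c. Separately, the identifier introduced here, `ipc_namespace_isoaltion` (also in the driver's PROCESS struct, ipc.c and syscall.c), is misspelled; renaming it to `ipc_namespace_isolation` while it is still confined to this commit avoids a permanent grep hazard. Both Ipc_NtOpenSymbolicLinkObject and Ipc_NtOpenDirectoryObject start outside the hunks shown.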


@ -1395,6 +1395,36 @@ _FX BOOLEAN SbieApi_QueryConfBool(
}
//---------------------------------------------------------------------------
// SbieApi_QueryConfBool
//---------------------------------------------------------------------------
_FX ULONG SbieApi_QueryConfNumber(
const WCHAR *section_name, // WCHAR [66]
const WCHAR *setting_name, // WCHAR [66]
ULONG def)
{
WCHAR value[32];
*value = L'\0';
if (!NT_SUCCESS(SbieApi_QueryConfAsIs(
section_name, setting_name, 0, value, sizeof(value)))
|| *value == L'\0') // empty string
return def;
ULONG num = _wtoi(value);
if (num == 0) {
WCHAR* ptr = value;
//if(*ptr == L'-')
// ptr++;
while (*ptr == L'0')
ptr++;
if(*ptr == L'\0')
return def;
}
return num;
}
//---------------------------------------------------------------------------
// SbieApi_EnumBoxes
//---------------------------------------------------------------------------
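Review bot: SbieApi_QueryConfNumber relies on `_wtoi`, which cannot signal a parse failure, and the leading-zero scan that follows inverts the usual fallback: an explicit "0" or "00" returns `def`, while non-numeric text such as "abc" (where `_wtoi` also yields 0 and the scan stops on 'a') returns 0, and a negative value wraps into a large ULONG. If the goal is "unparsable → default", `wcstoul` with an end pointer (exported by ntdll alongside `_wtoi`) reports whether any digit was consumed and makes the special case unnecessary; the rewritten tail of the function is below and keeps the current tolerance of trailing characters (checking `*end != L'\0'` would tighten that). If instead an explicit zero is meant to select the default, keep a `if (num == 0) return def;` after the parse and say so in a comment, since the current code does not make that intent visible. The banner comment above the function still reads `// SbieApi_QueryConfBool` and should be `// SbieApi_QueryConfNumber`.
```c
    // … unchanged: SbieApi_QueryConfAsIs call and empty-string check …
    WCHAR *end = value;
    ULONG num = wcstoul(value, &end, 10);
    if (end == value)       // no digit consumed: not a number, use the default
        return def;
    return num;
```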


@ -346,6 +346,12 @@ BOOLEAN SbieApi_QueryConfBool(
const WCHAR *setting_name, // WCHAR [66]
BOOLEAN def);
SBIEAPI_EXPORT
ULONG SbieApi_QueryConfNumber(
const WCHAR *section_name, // WCHAR [66]
const WCHAR *setting_name, // WCHAR [66]
ULONG def);
SBIEAPI_EXPORT
LONG SbieApi_EnumBoxes(
LONG index, // initialize to -1


@ -789,6 +789,10 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
return FALSE;
}
proc->ipc_namespace_isoaltion = Conf_Get_Boolean(proc->box->name, L"NtNamespaceIsolation", 0, TRUE);
//
// other options
//
@ -1067,7 +1071,9 @@ _FX NTSTATUS Ipc_CheckGenericObject(
// OpenSymbolicLinkObject can use true paths if the access is read only
//
if(Operation == OBJ_OP_OPEN && (GrantedAccess & SYMBOLIC_LINK_SET) == 0)
ACCESS_MASK RestrictedAccess = DELETE | WRITE_OWNER | WRITE_DAC;
RestrictedAccess |= SYMBOLIC_LINK_SET;
if(Operation == OBJ_OP_OPEN && (GrantedAccess & RestrictedAccess) == 0)
#ifdef USE_MATCH_PATH_EX
mp_flags = TRUE_PATH_OPEN_FLAG;
#else
@ -1079,10 +1085,14 @@ _FX NTSTATUS Ipc_CheckGenericObject(
//
// we only enforce CreateDirectoryObject/CreateDirectoryObjectEx
// as long as the access is read only
//
// it seams that named object creation always does an additional access check
// regardless of what access is granted on the root handle so
//
if(Operation == OBJ_OP_OPEN && (GrantedAccess & (DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY)) == 0)
ACCESS_MASK RestrictedAccess = DELETE | WRITE_OWNER | WRITE_DAC;
//RestrictedAccess |= DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY;
if (!proc->ipc_namespace_isoaltion || (Operation == OBJ_OP_OPEN && (GrantedAccess & RestrictedAccess) == 0))
#ifdef USE_MATCH_PATH_EX
mp_flags = TRUE_PATH_OPEN_FLAG;
#else
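Review bot: The comment block above the new directory check still says the hook is enforced "as long as the access is read only" and trails off mid-sentence ("regardless of what access is granted on the root handle so"), while the code now leaves the create bits out of `RestrictedAccess` (the commented-out `//RestrictedAccess |= DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY;` line) and short-circuits on `!proc->ipc_namespace_isoaltion`. Either delete that dead line or turn it into a sentence recording why the create bits are no longer checked here; from the rest of the commit it looks as if they are removed in user mode and, before SbieDll loads, in Syscall_OpenHandle, but that should be stated rather than left to inference. A replacement comment should say that with NtNamespaceIsolation=n the true path is always opened, that with it on only opens lacking DELETE | WRITE_OWNER | WRITE_DAC go to the true path, and fix "seams" to "seems". In the symbolic-link hunk above, `ACCESS_MASK RestrictedAccess = DELETE | WRITE_OWNER | WRITE_DAC | SYMBOLIC_LINK_SET;` can be a single initializer instead of a declaration followed by `|=`. Ipc_CheckGenericObject starts and ends outside these hunks.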


@ -197,6 +197,7 @@ struct _PROCESS {
LIST read_ipc_paths; // PATTERN elements
ULONG ipc_trace;
BOOLEAN disable_object_flt;
BOOLEAN ipc_namespace_isoaltion;
BOOLEAN ipc_warn_startrun;
BOOLEAN ipc_warn_open_proc;
BOOLEAN ipc_block_password;


@ -278,8 +278,12 @@ _FX NTSTATUS Syscall_OpenHandle(
// so we strip the "write" permissions here until the SbieDll finishes loading
//
if (strcmp(syscall_entry->name, "OpenDirectoryObject") == 0 && !proc->sbiedll_loaded){
user_args[1] &= ~(DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY);
if (strcmp(syscall_entry->name, "OpenDirectoryObject") == 0 && proc->ipc_namespace_isoaltion && !proc->sbiedll_loaded){
ULONG_PTR PermissibleAccess = READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE;
if (user_args[1] == MAXIMUM_ALLOWED)
user_args[1] = PermissibleAccess;
else
user_args[1] &= PermissibleAccess;
}
PUNICODE_STRING puName = NULL;
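Review bot: The comment just above the changed condition still says the hook strips the "write" permissions until SbieDll finishes loading, but the new code replaces the requested mask with READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE (or substitutes it for MAXIMUM_ALLOWED), which also clears rights such as SYNCHRONIZE and any GENERIC_* bit; update it to something like `// so we reduce the access to READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE here until the SbieDll finishes loading`. The new gate `proc->ipc_namespace_isoaltion && !proc->sbiedll_loaded` also means that with isolation disabled the earlier stripping of DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY no longer happens in the driver, so the DesiredAccess reaches the real NtOpenDirectoryObject unmodified before SbieDll is loaded; that appears to mirror the user-mode change and be intended, but a clause in the same comment would make it explicit. Syscall_OpenHandle starts and ends outside the hunk.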