1.8.0
parent
a6d637cf25
commit
6c610184d6
|
@ -13,6 +13,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
- Run menu now supports folders, to be used by entering foldername1\foldername2\entryname in the name column of the UI
|
- Run menu now supports folders, to be used by entering foldername1\foldername2\entryname in the name column of the UI
|
||||||
- added a tray indicator for pending updates
|
- added a tray indicator for pending updates
|
||||||
- added virtualization for CreateDirectoryObject(Ex) and OpenDirectoryObject (improves security, prevents name squatting)
|
- added virtualization for CreateDirectoryObject(Ex) and OpenDirectoryObject (improves security, prevents name squatting)
|
||||||
|
-- note: this can be disabled using 'NtNamespaceIsolation=n'
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- 'OpenProtectedStorage=y' has been replaced with a template
|
- 'OpenProtectedStorage=y' has been replaced with a template
|
||||||
|
|
|
@ -348,6 +348,8 @@ const WCHAR *Ipc_SandboxieRpcSs = SANDBOXIE L"RpcSs.exe";
|
||||||
const WCHAR *Ipc_epmapper = L"\\RPC Control\\epmapper";
|
const WCHAR *Ipc_epmapper = L"\\RPC Control\\epmapper";
|
||||||
const WCHAR *Ipc_actkernel = L"\\RPC Control\\actkernel";
|
const WCHAR *Ipc_actkernel = L"\\RPC Control\\actkernel";
|
||||||
|
|
||||||
|
BOOLEAN ipc_namespace_isoaltion;
|
||||||
|
|
||||||
extern const WCHAR *File_BQQB;
|
extern const WCHAR *File_BQQB;
|
||||||
|
|
||||||
LIST Ipc_DynamicPortNames;
|
LIST Ipc_DynamicPortNames;
|
||||||
|
@ -386,6 +388,8 @@ _FX BOOLEAN Ipc_Init(void)
|
||||||
|
|
||||||
SbieDll_MatchPath(L'i', (const WCHAR *)-1);
|
SbieDll_MatchPath(L'i', (const WCHAR *)-1);
|
||||||
|
|
||||||
|
ipc_namespace_isoaltion = SbieApi_QueryConfBool(NULL, L"NtNamespaceIsolation", TRUE);
|
||||||
|
|
||||||
//
|
//
|
||||||
// intercept NTDLL entry points
|
// intercept NTDLL entry points
|
||||||
//
|
//
|
||||||
|
@ -3551,15 +3555,18 @@ _FX NTSTATUS Ipc_NtOpenSymbolicLinkObject(
|
||||||
if(NT_SUCCESS(status))
|
if(NT_SUCCESS(status))
|
||||||
__leave;
|
__leave;
|
||||||
|
|
||||||
//if (status == STATUS_OBJECT_PATH_NOT_FOUND) {
|
if (status == STATUS_OBJECT_PATH_NOT_FOUND || status == STATUS_OBJECT_NAME_NOT_FOUND) {
|
||||||
//
|
|
||||||
// status = Ipc_CreatePath(TruePath, CopyPath);
|
ACCESS_MASK PermissibleAccess = READ_CONTROL | SYMBOLIC_LINK_QUERY;
|
||||||
//
|
if (DesiredAccess == MAXIMUM_ALLOWED)
|
||||||
// if (NT_SUCCESS(status))
|
DesiredAccess = PermissibleAccess;
|
||||||
// status = STATUS_OBJECT_NAME_NOT_FOUND;
|
else
|
||||||
//}
|
DesiredAccess &= PermissibleAccess;
|
||||||
//
|
|
||||||
//__leave;
|
goto OpenTruePath;
|
||||||
|
}
|
||||||
|
|
||||||
|
__leave;
|
||||||
|
|
||||||
//
|
//
|
||||||
// try the TruePath
|
// try the TruePath
|
||||||
|
@ -3893,7 +3900,13 @@ _FX NTSTATUS Ipc_NtOpenDirectoryObject(
|
||||||
// a sandboxed Directory will be created and the object created within it
|
// a sandboxed Directory will be created and the object created within it
|
||||||
//
|
//
|
||||||
|
|
||||||
DesiredAccess &= ~(DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY);
|
if (ipc_namespace_isoaltion) {
|
||||||
|
ACCESS_MASK PermissibleAccess = READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE;
|
||||||
|
if (DesiredAccess == MAXIMUM_ALLOWED)
|
||||||
|
DesiredAccess = PermissibleAccess;
|
||||||
|
else
|
||||||
|
DesiredAccess &= PermissibleAccess;
|
||||||
|
}
|
||||||
|
|
||||||
goto OpenTruePath;
|
goto OpenTruePath;
|
||||||
}
|
}
|
||||||
|
|
|
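Review bot: In Ipc_NtOpenSymbolicLinkObject and Ipc_NtOpenDirectoryObject the clamp special-cases only an exact `DesiredAccess == MAXIMUM_ALLOWED`, so a request made with generic rights such as GENERIC_READ is reduced to 0 by `DesiredAccess &= PermissibleAccess;` before the jump to OpenTruePath. The allowlist fails closed, which is the safe direction, but the caller presumably gets either a handle with no rights or a failure far from its cause. Consider mapping the generic bits first, e.g. `if (DesiredAccess & (MAXIMUM_ALLOWED | GENERIC_READ | GENERIC_ALL)) DesiredAccess |= PermissibleAccess;` ahead of the `&=`, and moving the clamp into one helper, since the same lines appear a third time in Syscall_OpenHandle. It is also worth confirming that the symbolic-link fallback is meant to run regardless of `ipc_namespace_isoaltion`, while the directory clamp is gated on it. Both function bodies start and end outside the hunks shown.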
@ -1395,6 +1395,36 @@ _FX BOOLEAN SbieApi_QueryConfBool(
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
// SbieApi_QueryConfBool
|
||||||
|
//---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
_FX ULONG SbieApi_QueryConfNumber(
|
||||||
|
const WCHAR *section_name, // WCHAR [66]
|
||||||
|
const WCHAR *setting_name, // WCHAR [66]
|
||||||
|
ULONG def)
|
||||||
|
{
|
||||||
|
WCHAR value[32];
|
||||||
|
*value = L'\0';
|
||||||
|
if (!NT_SUCCESS(SbieApi_QueryConfAsIs(
|
||||||
|
section_name, setting_name, 0, value, sizeof(value)))
|
||||||
|
|| *value == L'\0') // empty string
|
||||||
|
return def;
|
||||||
|
ULONG num = _wtoi(value);
|
||||||
|
if (num == 0) {
|
||||||
|
WCHAR* ptr = value;
|
||||||
|
//if(*ptr == L'-')
|
||||||
|
// ptr++;
|
||||||
|
while (*ptr == L'0')
|
||||||
|
ptr++;
|
||||||
|
if(*ptr == L'\0')
|
||||||
|
return def;
|
||||||
|
}
|
||||||
|
return num;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
// SbieApi_EnumBoxes
|
// SbieApi_EnumBoxes
|
||||||
//---------------------------------------------------------------------------
|
//---------------------------------------------------------------------------
|
||||||
|
|
|
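Review bot: The zero check in SbieApi_QueryConfNumber looks inverted: when `_wtoi` returns 0, a value made only of zeros (an explicit `0`) returns `def`, while text that fails to parse falls through and returns 0. A setting that uses 0 to mean "off" would silently get the default instead, so the test should probably read `if (*ptr != L'\0') return def;`. `_wtoi` also returns a signed int, so a negative or out-of-range value ends up as a large ULONG; if `wcstoul` is available in this build, using it with an end-pointer check would cover both cases. The banner comment above the function still names `SbieApi_QueryConfBool`.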
@ -346,6 +346,12 @@ BOOLEAN SbieApi_QueryConfBool(
|
||||||
const WCHAR *setting_name, // WCHAR [66]
|
const WCHAR *setting_name, // WCHAR [66]
|
||||||
BOOLEAN def);
|
BOOLEAN def);
|
||||||
|
|
||||||
|
SBIEAPI_EXPORT
|
||||||
|
ULONG SbieApi_QueryConfNumber(
|
||||||
|
const WCHAR *section_name, // WCHAR [66]
|
||||||
|
const WCHAR *setting_name, // WCHAR [66]
|
||||||
|
ULONG def);
|
||||||
|
|
||||||
SBIEAPI_EXPORT
|
SBIEAPI_EXPORT
|
||||||
LONG SbieApi_EnumBoxes(
|
LONG SbieApi_EnumBoxes(
|
||||||
LONG index, // initialize to -1
|
LONG index, // initialize to -1
|
||||||
|
|
|
@ -789,6 +789,10 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
proc->ipc_namespace_isoaltion = Conf_Get_Boolean(proc->box->name, L"NtNamespaceIsolation", 0, TRUE);
|
||||||
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// other options
|
// other options
|
||||||
//
|
//
|
||||||
|
@ -1067,7 +1071,9 @@ _FX NTSTATUS Ipc_CheckGenericObject(
|
||||||
// OpenSymbolicLinkObject can use true paths if the access is read only
|
// OpenSymbolicLinkObject can use true paths if the access is read only
|
||||||
//
|
//
|
||||||
|
|
||||||
if(Operation == OBJ_OP_OPEN && (GrantedAccess & SYMBOLIC_LINK_SET) == 0)
|
ACCESS_MASK RestrictedAccess = DELETE | WRITE_OWNER | WRITE_DAC;
|
||||||
|
RestrictedAccess |= SYMBOLIC_LINK_SET;
|
||||||
|
if(Operation == OBJ_OP_OPEN && (GrantedAccess & RestrictedAccess) == 0)
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
mp_flags = TRUE_PATH_OPEN_FLAG;
|
mp_flags = TRUE_PATH_OPEN_FLAG;
|
||||||
#else
|
#else
|
||||||
|
@ -1079,10 +1085,14 @@ _FX NTSTATUS Ipc_CheckGenericObject(
|
||||||
|
|
||||||
//
|
//
|
||||||
// we only enforce CreateDirectoryObject/CreateDirectoryObjectEx
|
// we only enforce CreateDirectoryObject/CreateDirectoryObjectEx
|
||||||
// as long as the access is read only
|
//
|
||||||
|
// it seams that named object creation always does an additional access check
|
||||||
|
// regardless of what access is granted on the root handle so
|
||||||
//
|
//
|
||||||
|
|
||||||
if(Operation == OBJ_OP_OPEN && (GrantedAccess & (DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY)) == 0)
|
ACCESS_MASK RestrictedAccess = DELETE | WRITE_OWNER | WRITE_DAC;
|
||||||
|
//RestrictedAccess |= DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY;
|
||||||
|
if (!proc->ipc_namespace_isoaltion || (Operation == OBJ_OP_OPEN && (GrantedAccess & RestrictedAccess) == 0))
|
||||||
#ifdef USE_MATCH_PATH_EX
|
#ifdef USE_MATCH_PATH_EX
|
||||||
mp_flags = TRUE_PATH_OPEN_FLAG;
|
mp_flags = TRUE_PATH_OPEN_FLAG;
|
||||||
#else
|
#else
|
||||||
|
|
|
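Review bot: In the second Ipc_CheckGenericObject hunk, `!proc->ipc_namespace_isoaltion ||` short-circuits both the `Operation == OBJ_OP_OPEN` test and the `RestrictedAccess` test. With NtNamespaceIsolation=n, every directory-object operation therefore takes the `TRUE_PATH_OPEN_FLAG` branch, including ones granted DELETE, WRITE_OWNER or WRITE_DAC. If the setting is only meant to switch off the create virtualization, the write-class filter could stay unconditional: `if ((GrantedAccess & RestrictedAccess) == 0 && (!proc->ipc_namespace_isoaltion || Operation == OBJ_OP_OPEN))`. The new comment also stops mid-sentence at "so"; since leaving DIRECTORY_CREATE_OBJECT and DIRECTORY_CREATE_SUBDIRECTORY out of `RestrictedAccess` relies on the additional access check it describes, that assumption should be written out in full. The function body continues outside the hunk, so the `#else` branch was not reviewed.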
@ -197,6 +197,7 @@ struct _PROCESS {
|
||||||
LIST read_ipc_paths; // PATTERN elements
|
LIST read_ipc_paths; // PATTERN elements
|
||||||
ULONG ipc_trace;
|
ULONG ipc_trace;
|
||||||
BOOLEAN disable_object_flt;
|
BOOLEAN disable_object_flt;
|
||||||
|
BOOLEAN ipc_namespace_isoaltion;
|
||||||
BOOLEAN ipc_warn_startrun;
|
BOOLEAN ipc_warn_startrun;
|
||||||
BOOLEAN ipc_warn_open_proc;
|
BOOLEAN ipc_warn_open_proc;
|
||||||
BOOLEAN ipc_block_password;
|
BOOLEAN ipc_block_password;
|
||||||
|
|
|
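Review bot: The new field name `ipc_namespace_isoaltion` is misspelled (isolation), and the same spelling is carried into the DLL global, Ipc_Init, Ipc_InitPaths, Ipc_CheckGenericObject and Syscall_OpenHandle. Renaming it to `ipc_namespace_isolation` now is cheap and makes the flag findable when someone searches for the NtNamespaceIsolation setting during a security review. A trailing comment such as `// NtNamespaceIsolation, defaults to TRUE` would tie the field to its setting. The struct definition starts and ends outside the hunk.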
@ -278,8 +278,12 @@ _FX NTSTATUS Syscall_OpenHandle(
|
||||||
// so we strip the "write" permissions here until the SbieDll finishes loading
|
// so we strip the "write" permissions here until the SbieDll finishes loading
|
||||||
//
|
//
|
||||||
|
|
||||||
if (strcmp(syscall_entry->name, "OpenDirectoryObject") == 0 && !proc->sbiedll_loaded){
|
if (strcmp(syscall_entry->name, "OpenDirectoryObject") == 0 && proc->ipc_namespace_isoaltion && !proc->sbiedll_loaded){
|
||||||
user_args[1] &= ~(DIRECTORY_CREATE_OBJECT | DIRECTORY_CREATE_SUBDIRECTORY);
|
ULONG_PTR PermissibleAccess = READ_CONTROL | DIRECTORY_QUERY | DIRECTORY_TRAVERSE;
|
||||||
|
if (user_args[1] == MAXIMUM_ALLOWED)
|
||||||
|
user_args[1] = PermissibleAccess;
|
||||||
|
else
|
||||||
|
user_args[1] &= PermissibleAccess;
|
||||||
}
|
}
|
||||||
|
|
||||||
PUNICODE_STRING puName = NULL;
|
PUNICODE_STRING puName = NULL;
|
||||||
|
|
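Review bot: `user_args[1] == MAXIMUM_ALLOWED` compares what appears to be a pointer-sized argument slot against a 32-bit access mask, so on a 64-bit build the match presumably depends on the upper half of the slot being zero. Comparing `(ACCESS_MASK)user_args[1]` would make that explicit; when the comparison misses, the `&=` path still fails closed. The clamp is now skipped entirely when `proc->ipc_namespace_isoaltion` is FALSE, so the comment above it about stripping the "write" permissions until the SbieDll finishes loading no longer describes unconditional behaviour and should mention the setting. Syscall_OpenHandle's body continues outside the hunk.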