mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

new option

This commit is contained in:
DavidXanatos 2024-08-28 09:13:23 +02:00
parent 6b0387bf94
commit 7ad047b219
2 changed files with 90 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -45,7 +45,7 @@
<enum>QTabWidget::North</enum>
</property>
<property name="currentIndex">
<number>10</number>
<number>1</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -1780,23 +1780,6 @@
<layout class="QGridLayout" name="gridLayout_26">
<item row="0" column="1">
<layout class="QGridLayout" name="gridLayout_2">
<item row="6" column="0" colspan="2">
<widget class="QLabel" name="lblToken">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the sandbox integrity itself</string>
</property>
<property name="text">
<string>Sandboxie token</string>
</property>
</widget>
</item>
<item row="4" column="4">
<widget class="QLabel" name="label_65">
<property name="font">
@ -1811,63 +1794,6 @@
</property>
</widget>
</item>
<item row="3" column="1" colspan="3">
<widget class="QCheckBox" name="chkElevateRpcss">
<property name="text">
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
</property>
</widget>
</item>
<item row="11" column="2">
<spacer name="horizontalSpacer_13">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="8" column="2" colspan="2">
<widget class="QLabel" name="label_74">
<property name="text">
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkRestrictServices">
<property name="text">
<string>Do not start sandboxed services using a system token (recommended)</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="4">
<widget class="QCheckBox" name="chkSbieLogon">
<property name="text">
<string>Use a Sandboxie login instead of an anonymous token</string>
</property>
</widget>
</item>
<item row="10" column="1">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>5</height>
</size>
</property>
</spacer>
</item>
<item row="5" column="4">
<widget class="QLabel" name="label_64">
<property name="font">
@ -1889,6 +1815,40 @@
</property>
</widget>
</item>
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectSystem">
<property name="text">
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
</property>
</widget>
</item>
<item row="7" column="0" colspan="2">
<widget class="QLabel" name="lblToken">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the sandbox integrity itself</string>
</property>
<property name="text">
<string>Sandboxie token</string>
</property>
</widget>
</item>
<item row="9" column="2" colspan="2">
<widget class="QLabel" name="label_74">
<property name="text">
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="5" column="1" colspan="3">
<widget class="QCheckBox" name="chkDropPrivileges">
<property name="text">
@ -1896,6 +1856,19 @@
</property>
</widget>
</item>
<item row="12" column="2">
<spacer name="horizontalSpacer_13">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblPrivilege">
<property name="font">
@ -1913,14 +1886,41 @@
</property>
</widget>
</item>
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectSystem">
<item row="3" column="1" colspan="3">
<widget class="QCheckBox" name="chkElevateRpcss">
<property name="text">
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
</property>
</widget>
</item>
<item row="9" column="1" colspan="4">
<item row="8" column="1" colspan="4">
<widget class="QCheckBox" name="chkSbieLogon">
<property name="text">
<string>Use a Sandboxie login instead of an anonymous token</string>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkRestrictServices">
<property name="text">
<string>Do not start sandboxed services using a system token (recommended)</string>
</property>
</widget>
</item>
<item row="11" column="1">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>5</height>
</size>
</property>
</spacer>
</item>
<item row="10" column="1" colspan="4">
<widget class="QCheckBox" name="chkCreateToken">
<property name="toolTip">
<string>Checked: A local group will also be added to the newly created sandboxed token, which allows addressing all sandboxes at once. Would be useful for auditing policies.
@ -1934,6 +1934,13 @@ Partially checked: No groups will be added to the newly created sandboxed token.
</property>
</widget>
</item>
<item row="6" column="1" colspan="2">
<widget class="QCheckBox" name="chkDropConHostIntegrity">
<property name="text">
<string>Drop ConHost.exe Process Integrity Level</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
@ -5256,7 +5263,7 @@ instead of &quot;*&quot;.</string>
<rect>
<x>0</x>
<y>0</y>
<width>75</width>
<width>92</width>
<height>16</height>
</rect>
</property>

3
SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
View File

@ -31,6 +31,7 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkElevateRpcss, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkProtectSystem, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDropPrivileges, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkDropConHostIntegrity, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkOpenCOM, SIGNAL(clicked(bool)), this, SLOT(OnOpenCOM()));
connect(ui.chkComTimeout, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -168,6 +169,7 @@ void COptionsWindow::LoadAdvanced()
ui.chkElevateRpcss->setChecked(m_pBox->GetBool("RunRpcssAsSystem", false));
ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false));
ui.chkDropPrivileges->setChecked(m_pBox->GetBool("StripSystemPrivileges", true));
ui.chkDropConHostIntegrity->setChecked(m_pBox->GetBool("DropConHostIntegrity", false));
ui.chkForceRestart->setChecked(m_pBox->GetBool("ForceRestartAll", false));
@ -424,6 +426,7 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkElevateRpcss, "RunRpcssAsSystem", "y", "");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
WriteAdvancedCheck(ui.chkDropPrivileges, "StripSystemPrivileges", "", "n");
WriteAdvancedCheck(ui.chkDropConHostIntegrity, "DropConHostIntegrity", "y", "");
WriteAdvancedCheck(ui.chkComTimeout, "RpcMgmtSetComTimeout", "n", "");