DavidXanatos 2024-10-18 22:02:07 +02:00
parent c845a49ac2
commit 7c9d4e0877
3 changed files with 166 additions and 143 deletions


@ -1135,58 +1135,6 @@
<layout class="QGridLayout" name="gridLayout_53"> <layout class="QGridLayout" name="gridLayout_53">
<item row="0" column="0"> <item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_52"> <layout class="QGridLayout" name="gridLayout_52">
<item row="2" column="2" colspan="4">
<widget class="QCheckBox" name="chkLockDown">
<property name="text">
<string>Use the original token only for approved NT system calls</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="5">
<widget class="QCheckBox" name="chkSecurityMode">
<property name="text">
<string>Enable all security enhancements (make security hardened box)</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="3">
<widget class="QLabel" name="lblElevation">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Elevation restrictions</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="4">
<widget class="QCheckBox" name="chkFakeElevation">
<property name="text">
<string>Make applications think they are running elevated (allows to run installers safely)</string>
</property>
</widget>
</item>
<item row="6" column="4">
<widget class="QLabel" name="label_40">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>(Recommended)</string>
</property>
</widget>
</item>
<item row="3" column="2" colspan="4"> <item row="3" column="2" colspan="4">
<widget class="QCheckBox" name="chkRestrictDevices"> <widget class="QCheckBox" name="chkRestrictDevices">
<property name="text"> <property name="text">
@ -1194,80 +1142,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="0" column="0" colspan="3">
<widget class="QLabel" name="lblSecurity">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Security enhancements</string>
</property>
</widget>
</item>
<item row="9" column="1" colspan="5">
<widget class="QCheckBox" name="chkMsiExemptions">
<property name="text">
<string>Allow MSIServer to run with a sandboxed system token and apply other exceptions if required</string>
</property>
</widget>
</item>
<item row="11" column="3" colspan="3">
<spacer name="horizontalSpacer_10">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="1">
<spacer name="verticalSpacer_29">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="6" column="1" colspan="3">
<widget class="QCheckBox" name="chkDropRights">
<property name="text">
<string>Drop rights from Administrators and Power Users groups</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="4">
<widget class="QLabel" name="lblAdmin">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>CAUTION: When running under the built in administrator, processes can not drop administrative privileges.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="10" column="2" colspan="3"> <item row="10" column="2" colspan="3">
<widget class="QLabel" name="label_28"> <widget class="QLabel" name="label_28">
<property name="text"> <property name="text">
@ -1278,23 +1152,6 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="5" column="1" colspan="4">
<widget class="QLabel" name="label_35">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="10" column="1"> <item row="10" column="1">
<widget class="QLabel" name="label_41"> <widget class="QLabel" name="label_41">
<property name="minimumSize"> <property name="minimumSize">
@ -1314,6 +1171,167 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="13" column="3" colspan="3">
<spacer name="horizontalSpacer_10">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="13" column="1">
<spacer name="verticalSpacer_29">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="9" column="1" colspan="5">
<widget class="QCheckBox" name="chkMsiExemptions">
<property name="text">
<string>Allow MSIServer to run with a sandboxed system token and apply other exceptions if required</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="4">
<widget class="QLabel" name="lblAdmin">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>CAUTION: When running under the built in administrator, processes can not drop administrative privileges.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="5" column="1" colspan="4">
<widget class="QLabel" name="label_35">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="1" colspan="5">
<widget class="QCheckBox" name="chkSecurityMode">
<property name="text">
<string>Enable all security enhancements (make security hardened box)</string>
</property>
</widget>
</item>
<item row="6" column="1" colspan="3">
<widget class="QCheckBox" name="chkDropRights">
<property name="text">
<string>Drop rights from Administrators and Power Users groups</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="3">
<widget class="QLabel" name="lblElevation">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Elevation restrictions</string>
</property>
</widget>
</item>
<item row="11" column="0">
<widget class="QLabel" name="lblACLs">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>File ACLs</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="4">
<widget class="QCheckBox" name="chkFakeElevation">
<property name="text">
<string>Make applications think they are running elevated (allows to run installers safely)</string>
</property>
</widget>
</item>
<item row="6" column="4">
<widget class="QLabel" name="label_40">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>(Recommended)</string>
</property>
</widget>
</item>
<item row="2" column="2" colspan="4">
<widget class="QCheckBox" name="chkLockDown">
<property name="text">
<string>Use the original token only for approved NT system calls</string>
</property>
</widget>
</item>
<item row="0" column="0" colspan="3">
<widget class="QLabel" name="lblSecurity">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Security enhancements</string>
</property>
</widget>
</item>
<item row="12" column="1" colspan="5">
<widget class="QCheckBox" name="chkACLs">
<property name="text">
<string>Use original Access Control Entries for boxed Files and Folders (for MSIServer enable excemptions)</string>
</property>
</widget>
</item>
</layout> </layout>
</item> </item>
</layout> </layout>
@ -5877,6 +5895,7 @@ Please note that this values are currently user specific and saved globally for
<tabstop>chkDropRights</tabstop> <tabstop>chkDropRights</tabstop>
<tabstop>chkFakeElevation</tabstop> <tabstop>chkFakeElevation</tabstop>
<tabstop>chkMsiExemptions</tabstop> <tabstop>chkMsiExemptions</tabstop>
<tabstop>chkACLs</tabstop>
<tabstop>chkNoSecurityIsolation</tabstop> <tabstop>chkNoSecurityIsolation</tabstop>
<tabstop>chkNoSecurityFiltering</tabstop> <tabstop>chkNoSecurityFiltering</tabstop>
<tabstop>chkConfidential</tabstop> <tabstop>chkConfidential</tabstop>
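Review bot: The new `chkACLs` checkbox text misspells "exemptions" as "excemptions", and the parenthetical is hard to parse; something like `Use original Access Control Entries for boxed files and folders (enable the MSIServer exemptions as well)` would read more clearly. Because this string is also the translation source, it is cheaper to fix before translations pick it up. The `lblACLs` heading reuses the tooltip `Protect the system from sandboxed processes` from `lblSecurity` and `lblElevation`, which says nothing about what keeping the original ACEs on boxed files does. `chkACLs` has no tooltip at all, so a short one stating how the option changes the permissions on files in the box would help users judge it.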


@ -158,6 +158,7 @@ void COptionsWindow::CreateGeneral()
connect(ui.chkDropRights, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkDropRights, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkFakeElevation, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkFakeElevation, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkMsiExemptions, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkMsiExemptions, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkACLs, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkBlockSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkOpenSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -280,6 +281,7 @@ void COptionsWindow::LoadGeneral()
ui.chkDropRights->setChecked(m_pBox->GetBool("DropAdminRights", false)); ui.chkDropRights->setChecked(m_pBox->GetBool("DropAdminRights", false));
ui.chkFakeElevation->setChecked(m_pBox->GetBool("FakeAdminRights", false)); ui.chkFakeElevation->setChecked(m_pBox->GetBool("FakeAdminRights", false));
ui.chkMsiExemptions->setChecked(m_pBox->GetBool("MsiInstallerExemptions", false)); ui.chkMsiExemptions->setChecked(m_pBox->GetBool("MsiInstallerExemptions", false));
ui.chkACLs->setChecked(m_pBox->GetBool("UseOriginalACLs", false));
ui.chkBlockSpooler->setChecked(m_pBox->GetBool("ClosePrintSpooler", false)); ui.chkBlockSpooler->setChecked(m_pBox->GetBool("ClosePrintSpooler", false));
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false)); ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
@ -422,6 +424,7 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", ""); WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", "");
WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", ""); WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", "");
WriteAdvancedCheck(ui.chkMsiExemptions, "MsiInstallerExemptions", "y", ""); WriteAdvancedCheck(ui.chkMsiExemptions, "MsiInstallerExemptions", "y", "");
WriteAdvancedCheck(ui.chkACLs, "UseOriginalACLs", "y", "");
WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", ""); WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", ""); WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
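Review bot: The three hunks in CreateGeneral, LoadGeneral and SaveGeneral wire `chkACLs` independently of `chkMsiExemptions`, although its label tells users to enable the MSIServer exemptions alongside it. As far as these lines show, `UseOriginalACLs=y` can be saved with `MsiInstallerExemptions` unset. All three function bodies continue outside the hunks, so a handler that couples the two may exist elsewhere; if none does, consider hinting or enforcing the pairing in the UI. At minimum, record the dependency next to the save call, e.g. `// UseOriginalACLs keeps the original ACEs on boxed files; MSIServer needs MsiInstallerExemptions=y with it`. A one-line comment on the `GetBool("UseOriginalACLs", false)` load stating that the default is off would also help the next reader of this security-relevant setting.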


@ -427,6 +427,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
AddIconToLabel(ui.lblLimit, CSandMan::GetIcon("Job2").pixmap(size,size)); AddIconToLabel(ui.lblLimit, CSandMan::GetIcon("Job2").pixmap(size,size));
AddIconToLabel(ui.lblSecurity, CSandMan::GetIcon("Shield5").pixmap(size,size)); AddIconToLabel(ui.lblSecurity, CSandMan::GetIcon("Shield5").pixmap(size,size));
AddIconToLabel(ui.lblElevation, CSandMan::GetIcon("Shield9").pixmap(size,size)); AddIconToLabel(ui.lblElevation, CSandMan::GetIcon("Shield9").pixmap(size,size));
AddIconToLabel(ui.lblACLs, CSandMan::GetIcon("Ampel").pixmap(size,size));
AddIconToLabel(ui.lblBoxProtection, CSandMan::GetIcon("BoxConfig").pixmap(size,size)); AddIconToLabel(ui.lblBoxProtection, CSandMan::GetIcon("BoxConfig").pixmap(size,size));
AddIconToLabel(ui.lblNetwork, CSandMan::GetIcon("Network").pixmap(size,size)); AddIconToLabel(ui.lblNetwork, CSandMan::GetIcon("Network").pixmap(size,size));
AddIconToLabel(ui.lblPrinting, CSandMan::GetIcon("Printer").pixmap(size,size)); AddIconToLabel(ui.lblPrinting, CSandMan::GetIcon("Printer").pixmap(size,size));