systemless MSIServer + fixes and some cleanup

This commit is contained in:
DavidXanatos 2021-07-12 22:22:22 +02:00
parent 1b7ebbd904
commit a4e6b4913b
23 changed files with 283 additions and 107 deletions


@ -2,10 +2,27 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/). This project adheres to [Semantic Versioning](http://semver.org/).
## [0.8.8 / 5.50.8] - 2021-07-12
### Changed
- MSIServer no longer requirers being run as system completing the move to not using system tockens in a sandbox by default
-- the security enhanced option "MsiInstallerExemptions=n" is now the default behavioure
### Fixed
- fixed issue with the "Explore Sandboxed" command [#972](https://github.com/sandboxie-plus/Sandboxie/issues/972)
- rolled back the switch from using NtQueryKey to NtQueryObject as it seams to bream soem older w10 versions liek 1803 [#984](https://github.com/sandboxie-plus/Sandboxie/issues/984)
-- this change was introduced to fix [#951](https://github.com/sandboxie-plus/Sandboxie/issues/951)
-- to use NtQueryObject the option "UseObjectNameForKeys=y" can be added to sandboxie.ini
## [0.8.7b / 5.50.7] - 2021-07-11 ## [0.8.7b / 5.50.7] - 2021-07-11
### Fixed ### Fixed
- fixed issue with boxes that had auto-delete activated introduced in the previous build - fixed issue with boxes that had auto-delete activated introduced in the previous build [#986](https://github.com/sandboxie-plus/Sandboxie/issues/986)
## [0.8.7 / 5.50.7] - 2021-07-10 ## [0.8.7 / 5.50.7] - 2021-07-10


@ -103,7 +103,6 @@
<ItemGroup> <ItemGroup>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="..\..\common\my_ntdll.c" />
<ClCompile Include="BoxOrder.c" /> <ClCompile Include="BoxOrder.c" />
<ClCompile Include="DlgTmplRtl.cpp" /> <ClCompile Include="DlgTmplRtl.cpp" />
<ClCompile Include="MyFileOp.c" /> <ClCompile Include="MyFileOp.c" />
@ -111,14 +110,10 @@
<ClCompile Include="MyMsgBox.c" /> <ClCompile Include="MyMsgBox.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="..\..\common\my_shlwapi.h" />
<ClInclude Include="..\..\common\my_version.h" />
<ClInclude Include="..\..\common\my_xeb.h" />
<ClInclude Include="BoxOrder.h" /> <ClInclude Include="BoxOrder.h" />
<ClInclude Include="CommonUtils.h" /> <ClInclude Include="CommonUtils.h" />
<ClInclude Include="MyGdi.h" /> <ClInclude Include="MyGdi.h" />
<ClInclude Include="MyMsgBox.h" /> <ClInclude Include="MyMsgBox.h" />
<ClInclude Include="MyPool.h" />
</ItemGroup> </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets"> <ImportGroup Label="ExtensionTargets">


@ -183,20 +183,8 @@
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
</ClCompile> </ClCompile>
<ClCompile Include="..\common\BoxOrder.c">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\common\FontStore.cpp" /> <ClCompile Include="..\common\FontStore.cpp" />
<ClCompile Include="..\common\Layout.cpp" /> <ClCompile Include="..\common\Layout.cpp" />
<ClCompile Include="..\common\MyGdi.c">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|x64'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|x64'">NotUsing</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\common\MyMsg.cpp"> <ClCompile Include="..\common\MyMsg.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieRelease|Win32'">NotUsing</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='SbieDebug|Win32'">NotUsing</PrecompiledHeader>
@ -297,11 +285,8 @@
<ClInclude Include="..\..\common\json\JSON.h" /> <ClInclude Include="..\..\common\json\JSON.h" />
<ClInclude Include="..\..\common\json\JSONValue.h" /> <ClInclude Include="..\..\common\json\JSONValue.h" />
<ClInclude Include="..\..\common\my_version.h" /> <ClInclude Include="..\..\common\my_version.h" />
<ClInclude Include="..\common\BoxOrder.h" />
<ClInclude Include="..\common\CommonUtils.h" />
<ClInclude Include="..\common\FontStore.h" /> <ClInclude Include="..\common\FontStore.h" />
<ClInclude Include="..\common\Layout.h" /> <ClInclude Include="..\common\Layout.h" />
<ClInclude Include="..\common\MyGdi.h" />
<ClInclude Include="..\common\MyMsg.h" /> <ClInclude Include="..\common\MyMsg.h" />
<ClInclude Include="..\common\RunBrowser.h" /> <ClInclude Include="..\common\RunBrowser.h" />
<ClInclude Include="..\common\RunStartExe.h" /> <ClInclude Include="..\common\RunStartExe.h" />


@ -54,18 +54,12 @@
<ClCompile Include="UserSettings.cpp" /> <ClCompile Include="UserSettings.cpp" />
<ClCompile Include="ViewTemplateDialog.cpp" /> <ClCompile Include="ViewTemplateDialog.cpp" />
<ClCompile Include="WindowTitleMap.cpp" /> <ClCompile Include="WindowTitleMap.cpp" />
<ClCompile Include="..\common\BoxOrder.c">
<Filter>common</Filter>
</ClCompile>
<ClCompile Include="..\common\FontStore.cpp"> <ClCompile Include="..\common\FontStore.cpp">
<Filter>common</Filter> <Filter>common</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\common\Layout.cpp"> <ClCompile Include="..\common\Layout.cpp">
<Filter>common</Filter> <Filter>common</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\common\MyGdi.c">
<Filter>common</Filter>
</ClCompile>
<ClCompile Include="..\common\MyMsg.cpp"> <ClCompile Include="..\common\MyMsg.cpp">
<Filter>common</Filter> <Filter>common</Filter>
</ClCompile> </ClCompile>
@ -137,18 +131,12 @@
<ClInclude Include="UserSettings.h" /> <ClInclude Include="UserSettings.h" />
<ClInclude Include="ViewTemplateDialog.h" /> <ClInclude Include="ViewTemplateDialog.h" />
<ClInclude Include="WindowTitleMap.h" /> <ClInclude Include="WindowTitleMap.h" />
<ClInclude Include="..\common\BoxOrder.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\common\FontStore.h"> <ClInclude Include="..\common\FontStore.h">
<Filter>common</Filter> <Filter>common</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\common\Layout.h"> <ClInclude Include="..\common\Layout.h">
<Filter>common</Filter> <Filter>common</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\common\MyGdi.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\common\MyMsg.h"> <ClInclude Include="..\common\MyMsg.h">
<Filter>common</Filter> <Filter>common</Filter>
</ClInclude> </ClInclude>
@ -166,9 +154,6 @@
</ClInclude> </ClInclude>
<ClInclude Include="UpdateDialog.h" /> <ClInclude Include="UpdateDialog.h" />
<ClInclude Include="Updater.h" /> <ClInclude Include="Updater.h" />
<ClInclude Include="..\common\CommonUtils.h">
<Filter>common</Filter>
</ClInclude>
<ClInclude Include="..\common\RunStartExe.h"> <ClInclude Include="..\common\RunStartExe.h">
<Filter>common</Filter> <Filter>common</Filter>
</ClInclude> </ClInclude>


@ -21,8 +21,8 @@
#ifndef _MY_VERSION_H #ifndef _MY_VERSION_H
#define _MY_VERSION_H #define _MY_VERSION_H
#define MY_VERSION_BINARY 5,50,7 #define MY_VERSION_BINARY 5,50,8
#define MY_VERSION_STRING "5.50.7" #define MY_VERSION_STRING "5.50.8"
#define MY_VERSION_COMPAT "5.50.0" // this refers to the driver ABI compatibility #define MY_VERSION_COMPAT "5.50.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer // These #defines are used by either Resource Compiler, or by NSIC installer


@ -181,6 +181,12 @@ typedef struct _THREAD_DATA {
ULONG file_dont_strip_write_access; ULONG file_dont_strip_write_access;
//
// misc modules
//
HANDLE scm_last_own_token;
// //
// proc module: image path for a child process being started // proc module: image path for a child process being started
// //
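Review bot: The new `scm_last_own_token` field is added under a generic "misc modules" heading with no statement of its contract, although it carries security-relevant state: it is the handle for which the token hooks in scm_msi.c report a LocalSystem SID. I would replace the heading with `// scm_msi module: token handle returned by OpenProcessToken for the current process; while set, GetTokenInformation(TokenUser) on this handle reports LocalSystem. Per-thread; cleared in File_NtCloseImpl when the handle is closed on this thread.` The THREAD_DATA definition starts and ends outside this hunk.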


@ -2440,6 +2440,22 @@ _FX NTSTATUS File_NtCreateFileImpl(
if (Dll_OsBuild >= 8400 && Dll_ImageType == DLL_IMAGE_TRUSTED_INSTALLER) if (Dll_OsBuild >= 8400 && Dll_ImageType == DLL_IMAGE_TRUSTED_INSTALLER)
DesiredAccess &= ~ACCESS_SYSTEM_SECURITY; // for TiWorker.exe (W8) DesiredAccess &= ~ACCESS_SYSTEM_SECURITY; // for TiWorker.exe (W8)
// MSIServer without system
if (Dll_ImageType == DLL_IMAGE_MSI_INSTALLER && (DesiredAccess & ACCESS_SYSTEM_SECURITY) != 0
&& ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 3, L".msi") == 0
){
//
// MSIServer when accessing \??\C:\WINDOWS\Installer\???????.msi files will get a PROGOLEGE_NOT_HELD error when requesting ACCESS_SYSTEM_SECURITY
// Howeever if we broadly clear this flag we will get error 1946 'System.AppUserModel.ID' could not be set on *.lnk files
//
DesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
}
__try { __try {
IoStatusBlock->Information = FILE_DOES_NOT_EXIST; IoStatusBlock->Information = FILE_DOES_NOT_EXIST;
@ -3018,6 +3034,25 @@ ReparseLoop:
// while(!IsDebuggerPresent()) Sleep(50); __debugbreak(); // while(!IsDebuggerPresent()) Sleep(50); __debugbreak();
//} //}
// MSIServer without system
if (status == STATUS_ACCESS_DENIED && Dll_ImageType == DLL_IMAGE_MSI_INSTALLER
&& ObjectAttributes->ObjectName->Buffer && ObjectAttributes->ObjectName->Length >= 34
&& _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 11, L"\\Config.Msi") == 0
) {
//
// MSI must not fail accessing \??\C:\WINDOWS\Installer\Config.msi but this folder is readable only for system,
// so we create a boxed copy copy instead and open it
//
RtlInitUnicodeString(&objname, CopyPath);
status = __sys_NtCreateFile(
FileHandle, DesiredAccess, &objattrs,
IoStatusBlock, AllocationSize, FileAttributes,
ShareAccess, FILE_OPEN_IF, FILE_DIRECTORY_FILE,
EaBuffer, EaLength);
}
// //
// special case for SandboxieCrypto on Windows Vista, // special case for SandboxieCrypto on Windows Vista,
// which tries to open catdb that are locked by // which tries to open catdb that are locked by
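Review bot: The `.msi` suffix test in the first hunk is off by one: `ObjectName->Buffer + Length/sizeof(WCHAR) - 3` points at the last three characters, so `_wcsicmp` compares `msi` against `.msi` and the ACCESS_SYSTEM_SECURITY strip can never trigger, whereas the second hunk correctly uses `- 11` for the eleven-character `\Config.Msi`. The comparison also reads before the start of the buffer when the name is shorter than the suffix and relies on the UNICODE_STRING buffer being NUL-terminated, which a caller-supplied OBJECT_ATTRIBUTES does not guarantee. I would change the condition to `&& ObjectAttributes->ObjectName->Length >= 4 * sizeof(WCHAR)` and `&& _wcsnicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 4, L".msi", 4) == 0`. The same `_wcsnicmp` form would remove the NUL-termination assumption from the `\Config.Msi` check, which additionally lacks the `ObjectAttributes && ObjectAttributes->ObjectName` guard the first hunk has. File_NtCreateFileImpl starts and ends outside these hunks.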


@ -170,7 +170,7 @@ static void File_InitRecoverList(
const WCHAR *setting, LIST *list, BOOLEAN MustBeValidPath, const WCHAR *setting, LIST *list, BOOLEAN MustBeValidPath,
WCHAR *buf, ULONG buf_len); WCHAR *buf, ULONG buf_len);
static void File_NotifyRecover(HANDLE FileHandle, MSG_HEADER **out_req); static void File_NotifyRecover(HANDLE FileHandle);
static BOOLEAN File_IsRecoverable(const WCHAR *TruePath); static BOOLEAN File_IsRecoverable(const WCHAR *TruePath);
@ -1917,7 +1917,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
NTSTATUS status; NTSTATUS status;
ULONG type; ULONG type;
FILE_MERGE *merge; FILE_MERGE *merge;
MSG_HEADER *req;
P_NtClose pSysNtClose = __sys_NtClose; P_NtClose pSysNtClose = __sys_NtClose;
@ -1961,6 +1960,13 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
Key_NtClose(FileHandle); Key_NtClose(FileHandle);
} }
//
// special handling for scm_msi.c
//
if (TlsData->scm_last_own_token == FileHandle)
TlsData->scm_last_own_token = NULL;
// //
// if not closing a file handle, stop here // if not closing a file handle, stop here
// //
@ -1978,8 +1984,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
// close for a real handle // close for a real handle
// //
req = NULL;
EnterCriticalSection(&File_DirHandles_CritSec); EnterCriticalSection(&File_DirHandles_CritSec);
merge = List_Head(&File_DirHandles); merge = List_Head(&File_DirHandles);
@ -1998,17 +2002,10 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle)
// close and recover file // close and recover file
// //
File_NotifyRecover(FileHandle, &req); File_NotifyRecover(FileHandle);
status = pSysNtClose ? pSysNtClose(FileHandle) : NtClose(FileHandle); status = pSysNtClose ? pSysNtClose(FileHandle) : NtClose(FileHandle);
if (req) {
MSG_HEADER *rpl = SbieDll_CallServer(req);
Dll_Free(req);
if (rpl)
Dll_Free(rpl);
}
TlsData->file_NtClose_lock = FALSE; TlsData->file_NtClose_lock = FALSE;
SetLastError(LastError); SetLastError(LastError);
@ -2672,8 +2669,7 @@ _FX void File_DuplicateRecover(
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX void File_NotifyRecover( _FX void File_NotifyRecover(HANDLE FileHandle)
HANDLE FileHandle, MSG_HEADER **out_req)
{ {
THREAD_DATA *TlsData = Dll_GetTlsData(NULL); THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
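Review bot: The new NtClose special case clears `scm_last_own_token` only in the closing thread's TLS slot, so a token handle opened on one thread and closed on another leaves a stale value behind, and once the kernel reuses that handle value the GetTokenInformation hook in scm_msi.c would report the LocalSystem SID for an unrelated token. If MSIServer can close the handle on a worker thread (I cannot tell from here), the cache needs to be process-wide, or the clear needs to cover every thread's slot. A why-comment would also help, since the compare runs for every handle type and before the underlying close: `// drop the cached OpenProcessToken handle (see scm_msi.c) so a reused handle value is not mistaken for it`. File_NtCloseImpl starts and ends outside these hunks.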


@ -526,9 +526,6 @@ import_fail:
if (ok) if (ok)
ok = Gui_InitMsg(); ok = Gui_InitMsg();
if (ok)
ok = Gui_InitWinHooks();
if (ok) if (ok)
ok = Gui_InitDlgTmpl(); ok = Gui_InitDlgTmpl();
@ -540,6 +537,9 @@ import_fail:
return ok; return ok;
// NoSbieDesk END // NoSbieDesk END
if (ok)
ok = Gui_InitWinHooks();
SBIEDLL_HOOK_GUI(AttachThreadInput); SBIEDLL_HOOK_GUI(AttachThreadInput);
return ok; return ok;


@ -96,6 +96,7 @@ static CRITICAL_SECTION Gui_HooksCritSec;
static LIST Gui_Hooks; static LIST Gui_Hooks;
static DWORD Gui_HookHelperThreadId = 0; static DWORD Gui_HookHelperThreadId = 0;
static int Gui_HookCount = 0; static int Gui_HookCount = 0;
static BOOLEAN Gui_HookInit = FALSE;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Gui_InitWinHooks // Gui_InitWinHooks
@ -111,6 +112,8 @@ _FX BOOLEAN Gui_InitWinHooks(void)
SBIEDLL_HOOK_GUI(SetWindowsHookExW); SBIEDLL_HOOK_GUI(SetWindowsHookExW);
SBIEDLL_HOOK_GUI(UnhookWindowsHookEx); SBIEDLL_HOOK_GUI(UnhookWindowsHookEx);
Gui_HookInit = TRUE;
return TRUE; return TRUE;
} }
@ -618,6 +621,9 @@ _FX BOOL Gui_UnhookWindowsHookEx(HHOOK hhk)
_FX LRESULT Gui_NotifyWinHooks() _FX LRESULT Gui_NotifyWinHooks()
{ {
if (!Gui_HookInit)
return 0;
GUI_WND_HOOK_NOTIFY_REQ req; GUI_WND_HOOK_NOTIFY_REQ req;
GUI_WND_HOOK_NOTIFY_RPL *rpl; GUI_WND_HOOK_NOTIFY_RPL *rpl;


@ -301,6 +301,9 @@ static const ULONG Key_ClickToRunLen_v16 = 63;
static const WCHAR *Key_Wow6432Node = L"\\Wow6432Node\\"; static const WCHAR *Key_Wow6432Node = L"\\Wow6432Node\\";
static BOOLEAN Key_UseObjectNames = FALSE;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Debug Prints // Debug Prints
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -351,6 +354,8 @@ _FX BOOLEAN Key_Init(void)
SbieDll_MatchPath(L'k', (const WCHAR *)-1); SbieDll_MatchPath(L'k', (const WCHAR *)-1);
Key_UseObjectNames = SbieApi_QueryConfBool(NULL, L"UseObjectNameForKeys", FALSE);
List_Init(&Key_Handles); List_Init(&Key_Handles);
List_Init(&Key_MergeCacheList); List_Init(&Key_MergeCacheList);
@ -448,23 +453,55 @@ _FX NTSTATUS Key_GetName(
name = Dll_GetTlsNameBuffer( name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER, length + objname_len); TlsData, TRUE_NAME_BUFFER, length + objname_len);
status = Obj_GetObjectName(RootDirectory, name, &length); if (Key_UseObjectNames)
{
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) { //
// Note: some keys like L"\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\007"
name = Dll_GetTlsNameBuffer( // do not return valid results when querying using NtQueryKey and returns a STATUS_INVALID_HANDLE
TlsData, TRUE_NAME_BUFFER, length + objname_len); // using Obj_GetObjectName seams to break sbie on 1803, strangely on w7 its fine
// hence this alternative access mode is made optional
//
status = Obj_GetObjectName(RootDirectory, name, &length); status = Obj_GetObjectName(RootDirectory, name, &length);
if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) {
name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER, length + objname_len);
status = Obj_GetObjectName(RootDirectory, name, &length);
}
if (!NT_SUCCESS(status))
return status;
*OutTruePath = ((OBJECT_NAME_INFORMATION*)name)->Name.Buffer;
name = (*OutTruePath)
+ ((OBJECT_NAME_INFORMATION*)name)->Name.Length / sizeof(WCHAR);
} }
else
{
status = __sys_NtQueryKey(
RootDirectory, KeyNameInformation, name, length, &length);
if (! NT_SUCCESS(status)) if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) {
return status;
*OutTruePath = ((OBJECT_NAME_INFORMATION *)name)->Name.Buffer; name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER, length + objname_len);
name = (*OutTruePath) status = __sys_NtQueryKey(
+ ((OBJECT_NAME_INFORMATION *)name)->Name.Length / sizeof(WCHAR); RootDirectory, KeyNameInformation, name, length, &length);
}
if (! NT_SUCCESS(status))
return status;
*OutTruePath = ((KEY_NAME_INFORMATION *)name)->Name;
name = (*OutTruePath)
+ ((KEY_NAME_INFORMATION *)name)->NameLength / sizeof(WCHAR);
}
if (objname_len) { if (objname_len) {
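Review bot: The two branches of Key_GetName now duplicate the query / retry-with-larger-buffer sequence, differing only in the syscall and the result struct, which makes the buffer-size handling easy to get out of sync between the NtQueryKey and Obj_GetObjectName paths. Extracting the retry into a small static helper that takes the query function and fills `*OutTruePath` and the end pointer would leave one copy to audit. The explanatory comment in the Obj_GetObjectName branch also misspells `seems` as `seams`. Key_GetName starts and ends outside this hunk.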


@ -45,6 +45,20 @@ static HANDLE Scm_CreateWaitableTimerW(
LPSECURITY_ATTRIBUTES lpTimerAttributes, LPSECURITY_ATTRIBUTES lpTimerAttributes,
BOOL bManualReset, LPCWSTR lpTimerName); BOOL bManualReset, LPCWSTR lpTimerName);
static BOOL Scm_OpenProcessToken(
_In_ HANDLE ProcessHandle,
_In_ DWORD DesiredAccess,
_Outptr_ PHANDLE TokenHandle
);
static BOOL Scm_GetTokenInformation(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength,*ReturnLength) LPVOID TokenInformation,
_In_ DWORD TokenInformationLength,
_Out_ PDWORD ReturnLength
);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Prototypes // Prototypes
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -54,6 +68,19 @@ typedef HANDLE (*P_CreateWaitableTimerW)(
LPSECURITY_ATTRIBUTES lpTimerAttributes, LPSECURITY_ATTRIBUTES lpTimerAttributes,
BOOL bManualReset, LPCWSTR lpTimerName); BOOL bManualReset, LPCWSTR lpTimerName);
typedef BOOL (*P_OpenProcessToken)(
_In_ HANDLE ProcessHandle,
_In_ DWORD DesiredAccess,
_Outptr_ PHANDLE TokenHandle
);
typedef BOOL (*P_GetTokenInformation)(
_In_ HANDLE TokenHandle,
_In_ TOKEN_INFORMATION_CLASS TokenInformationClass,
_Out_writes_bytes_to_opt_(TokenInformationLength,*ReturnLength) LPVOID TokenInformation,
_In_ DWORD TokenInformationLength,
_Out_ PDWORD ReturnLength
);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Pointers // Pointers
@ -62,6 +89,9 @@ typedef HANDLE (*P_CreateWaitableTimerW)(
static P_CreateWaitableTimerW __sys_CreateWaitableTimerW = NULL; static P_CreateWaitableTimerW __sys_CreateWaitableTimerW = NULL;
static P_OpenProcessToken __sys_OpenProcessToken = NULL;
static P_GetTokenInformation __sys_GetTokenInformation = NULL;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Variables // Variables
@ -87,12 +117,50 @@ _FX BOOLEAN Scm_SetupMsiHooks()
//__debugbreak(); //__debugbreak();
P_CreateWaitableTimerW CreateWaitableTimerW = (P_CreateWaitableTimerW)GetProcAddress(Dll_Kernel32, "CreateWaitableTimerW"); P_CreateWaitableTimerW CreateWaitableTimerW = (P_CreateWaitableTimerW)GetProcAddress(Dll_Kernel32, "CreateWaitableTimerW");
SBIEDLL_HOOK(Scm_, CreateWaitableTimerW); SBIEDLL_HOOK(Scm_, CreateWaitableTimerW);
//// hook privilege-related functions
//if (!Hook_Privilege()) //
// return FALSE; // To run MSIServer without system privileges we need to make it think it is running as system
// we do that by hooking OpenProcessToken and if it opened the current process caching the resulting token handle
// than in GetTokenInformation when asked for TokenUser for this handle we return the system SID
// finally on NtClose we clear the cached token value in case it gets reused later
//
/*
msi.dll!RunningAsLocalSystem
v2 = GetCurrentProcess();
if ( OpenProcessToken(v2, 8u, &hObject) )
{
v3 = IsLocalSystemToken(hObject);
...
msi.dll!IsLocalSystemToken
if ( GetUserSID(a1, Sid) )
return 0;
StringSid = 0i64;
if ( !ConvertSidToStringSidW(Sid, &StringSid) )
return 0;
v2 = L"S-1-5-18";
wcscmp...
msi.dll!GetUserSID
if ( GetTokenInformation(a1, TokenUser, TokenInformation, 0x58u, ReturnLength) )
{
if ( CopySid(0x48u, a2, TokenInformation[0]) )
...
*/
// MSIServer without system - fake running as system
HMODULE hAdvapi32 = LoadLibrary(L"Advapi32.dll");
void *OpenProcessToken = (P_OpenProcessToken)GetProcAddress(hAdvapi32, "OpenProcessToken");
SBIEDLL_HOOK(Scm_, OpenProcessToken);
void *GetTokenInformation = (P_GetTokenInformation)GetProcAddress(hAdvapi32, "GetTokenInformation");
SBIEDLL_HOOK(Scm_, GetTokenInformation);
return TRUE; return TRUE;
} }
@ -118,6 +186,57 @@ _FX HANDLE Scm_CreateWaitableTimerW(
} }
//---------------------------------------------------------------------------
// Scm_OpenProcessToken
//---------------------------------------------------------------------------
_FX BOOL Scm_OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE phTokenOut)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
NTSTATUS status = __sys_OpenProcessToken(ProcessHandle, DesiredAccess, phTokenOut);
if (NT_SUCCESS(status) && ProcessHandle == GetCurrentProcess()) {
TlsData->scm_last_own_token = *phTokenOut;
}
return status;
}
//---------------------------------------------------------------------------
// Scm_GetTokenInformation
//---------------------------------------------------------------------------
_FX BOOL Scm_GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass,
LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
{
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
static const UCHAR sid[12] = {
1, // Revision
1, // SubAuthorityCount
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority
SECURITY_LOCAL_SYSTEM_RID // SubAuthority
};
if (TokenInformationClass == TokenUser && TlsData->scm_last_own_token == TokenHandle
&& TokenInformationLength >= sizeof(TOKEN_USER) + sizeof(sid))
{
PTOKEN_USER token_user = (PTOKEN_USER)TokenInformation;
token_user->User.Sid = (PSID)(((UCHAR*)TokenInformation) + sizeof(TOKEN_USER));
memcpy(token_user->User.Sid, sid, sizeof(sid));
*ReturnLength = sizeof(TOKEN_USER) + sizeof(sid);
return TRUE;
}
return __sys_GetTokenInformation(TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength);
}
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Scm_SetupMsiWaiter // Scm_SetupMsiWaiter
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
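Review bot: Scm_OpenProcessToken stores the result of a BOOL-returning call in an `NTSTATUS` and tests it with `NT_SUCCESS`, which is true for both TRUE and FALSE (0), so on failure the hook caches whatever `*phTokenOut` holds and may later fake a LocalSystem SID for an unrelated handle value. The check should be `BOOL ok = __sys_OpenProcessToken(ProcessHandle, DesiredAccess, phTokenOut);` / `if (ok && ProcessHandle == GetCurrentProcess())` / `return ok;`. In Scm_GetTokenInformation a buffer smaller than `sizeof(TOKEN_USER) + sizeof(sid)` silently falls through to the real call and returns the real user SID, so the hook should instead set `*ReturnLength`, `SetLastError(ERROR_INSUFFICIENT_BUFFER)` and return FALSE as the real API would, and it writes through `TokenInformation` and `ReturnLength` without a NULL check. In Scm_SetupMsiHooks the `hAdvapi32` handle and both GetProcAddress results are passed to SBIEDLL_HOOK without a NULL check; whether the macro tolerates that I cannot tell from here.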


@ -66,5 +66,5 @@ extern const ULONG tzuk;
/* BigNum */ /* BigNum */
#define BIGNUM_WITH_FROM_STRING //#define BIGNUM_WITH_FROM_STRING
#include "common/bignum.c" //#include "common/bignum.c"


@ -640,7 +640,7 @@ _FX void *Thread_SetInformationProcess_PrimaryToken_3(
} }
// //
// special allowance for MSIServer // special allowance for MSIServer running without system privileges
// //
if (!proc->image_from_box && if (!proc->image_from_box &&


@ -1246,18 +1246,6 @@ _FX void *Token_RestrictHelper1(
if (SidInToken && SidInToken[1] >= 1) { // SubAuthorityCount >= 1 if (SidInToken && SidInToken[1] >= 1) { // SubAuthorityCount >= 1
PSID NewSid = NULL; PSID NewSid = NULL;
//
// Alternative (less secure) workaround for msi issue started with windows 17763
// the workaround in Proc_CreateProcessInternalW_RS5 makes solves thsi usse well
//
//if (!proc->image_from_box && _wcsicmp(proc->image_name, L"msiexec.exe") == 0
// && RtlEqualSid(SidInToken, SystemLogonSid)
// && Conf_Get_Boolean(proc->box->name, L"MsiInstallerExemptions", 0, FALSE))
//{
// //DbgPrint("Sbie, MsiServer was allowed to keep its system token\n");
//}
//else
// SbieLogin BEGIN // SbieLogin BEGIN
if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE)) if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE))


@ -1032,9 +1032,9 @@ BOOL ProcessServer::RunSandboxedStripPrivilege(HANDLE NewTokenHandle, LPCWSTR lp
BOOL ProcessServer::RunSandboxedStripPrivileges(HANDLE NewTokenHandle) BOOL ProcessServer::RunSandboxedStripPrivileges(HANDLE NewTokenHandle)
{ {
BOOLEAN ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_TCB_NAME); BOOLEAN ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_TCB_NAME); // security critical
if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_CREATE_TOKEN_NAME); if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_CREATE_TOKEN_NAME); // usualyl not held, but in case
if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_ASSIGNPRIMARYTOKEN_NAME); //if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_ASSIGNPRIMARYTOKEN_NAME);
return ok; return ok;
} }
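Review bot: Dropping the SE_ASSIGNPRIMARYTOKEN strip leaves the sandboxed token holding SeAssignPrimaryTokenPrivilege, and neither the hunk nor the commit message says why that is now acceptable, while the neighbouring line is annotated as security critical. If the reason is the new MSIServer mode (presumably, given the commit), record it together with the compensating control, e.g. `// SE_ASSIGNPRIMARYTOKEN is kept: <reason>; primary-token assignment by boxed processes is policed by the driver in thread_token.c`, or re-enable the strip unless MsiInstallerExemptions is set. The `// usualyl not held` comment has a typo (`usually`).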


@ -285,7 +285,7 @@ MSG_HEADER *ServiceServer::RunHandler(MSG_HEADER *msg, HANDLE idProcess)
int ServiceServer::RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname) int ServiceServer::RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname)
{ {
// exception for MSIServer, see also core/drv/thread_token.c // exception for MSIServer, see also core/drv/thread_token.c
if (svcname && _wcsicmp(svcname, L"MSIServer") == 0 && SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", TRUE)) if (svcname && _wcsicmp(svcname, L"MSIServer") == 0 && SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", FALSE))
return 2; return 2;
// legacy behavioure option // legacy behavioure option
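Review bot: With the default flipped to FALSE, the comment `// exception for MSIServer, see also core/drv/thread_token.c` no longer conveys that this branch is now an opt-in legacy path that hands MSIServer a system token, rather than the normal case. I would extend it to `// legacy exception: run MSIServer as system only when MsiInstallerExemptions=y is set explicitly; since 5.50.8 the default is to run it without a system token (see core/drv/thread_token.c and dll/scm_msi.c)`. RunServiceAsSystem continues outside this hunk.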


@ -982,19 +982,26 @@ SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QPr
if (m_SbiePath.isEmpty()) if (m_SbiePath.isEmpty())
return SB_ERR(SB_PathFail); return SB_ERR(SB_PathFail);
//bool bStart = (Command == "run_dialog" || Command == "default_browser" || Command == "mail_agent" || Command.left(10) == "start_menu"); QString StartArgs;
if(Elevated)
QString StartCmd = "\"" + GetStartPath() + "\"" + (Elevated ? " /elevated" : ""); StartArgs += "/elevated ";
if (!BoxName.isEmpty()) if (!BoxName.isEmpty())
StartCmd += " /box:" + BoxName + " "; StartArgs += "/box:" + BoxName + " ";
else else
StartCmd += " /disable_force "; StartArgs += "/disable_force ";
StartCmd += Command; StartArgs += Command;
if (pProcess) if (pProcess) {
pProcess->start(StartCmd); pProcess->setProgram(GetStartPath());
else pProcess->setNativeArguments(StartArgs);
QProcess::startDetached(StartCmd); pProcess->start();
}
else {
QProcess process;
process.setProgram(GetStartPath());
process.setNativeArguments(StartArgs);
process.startDetached();
}
return SB_OK; return SB_OK;
} }
@ -2234,7 +2241,7 @@ void CSbieAPI::AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge)
m_TraceList.append(LogEntry); m_TraceList.append(LogEntry);
} }
QList<CTraceEntryPtr> CSbieAPI::GetTrace() const QVector<CTraceEntryPtr> CSbieAPI::GetTrace() const
{ {
QReadLocker Lock(&m_TraceMutex); QReadLocker Lock(&m_TraceMutex);
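Review bot: In the detached branch the return value of `process.startDetached()` is discarded and RunStart returns SB_OK even when Start.exe could not be launched, whereas the function does report a missing path with SB_ERR(SB_PathFail) just above. I would check it: `if (!process.startDetached()) return SB_ERR(SB_PathFail);` (or a more specific status if one exists). Note also that `Command` is spliced verbatim into the native argument string with no quoting, so a command containing spaces or quotes reaches Start.exe exactly as typed; if that is intentional because Start.exe parses its own argument tail, a comment saying so would help the next reader. RunStart starts outside this hunk.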


@ -110,7 +110,7 @@ public:
virtual bool IsMonitoring(); virtual bool IsMonitoring();
virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false); virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false);
virtual QList<CTraceEntryPtr> GetTrace() const; virtual QVector<CTraceEntryPtr> GetTrace() const;
virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); m_LastTraceEntry = 0; } virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); m_LastTraceEntry = 0; }
// Other // Other
@ -185,7 +185,7 @@ protected:
QMap<quint32, CBoxedProcessPtr> m_BoxedProxesses; QMap<quint32, CBoxedProcessPtr> m_BoxedProxesses;
mutable QReadWriteLock m_TraceMutex; mutable QReadWriteLock m_TraceMutex;
QList<CTraceEntryPtr> m_TraceList; QVector<CTraceEntryPtr> m_TraceList;
int m_LastTraceEntry; int m_LastTraceEntry;
mutable QReadWriteLock m_DriveLettersMutex; mutable QReadWriteLock m_DriveLettersMutex;


@ -48,7 +48,7 @@ bool CTraceModel::TestPath(const QList<QVariant>& Path, const CTraceEntryPtr& pE
return Path.size() == Index; return Path.size() == Index;
}*/ }*/
QList<QVariant> CTraceModel::Sync(const QList<CTraceEntryPtr>& EntryList, void* BoxPtr) QList<QVariant> CTraceModel::Sync(const QVector<CTraceEntryPtr>& EntryList, void* BoxPtr)
{ {
QList<QVariant> Added; QList<QVariant> Added;
QMap<QList<QVariant>, QList<STreeNode*> > New; QMap<QList<QVariant>, QList<STreeNode*> > New;


@ -11,7 +11,7 @@ public:
CTraceModel(QObject* parent = 0); CTraceModel(QObject* parent = 0);
~CTraceModel(); ~CTraceModel();
QList<QVariant> Sync(const QList<CTraceEntryPtr>& EntryList, void* BoxPtr); QList<QVariant> Sync(const QVector<CTraceEntryPtr>& EntryList, void* BoxPtr);
CTraceEntryPtr GetEntry(const QModelIndex& index) const; CTraceEntryPtr GetEntry(const QModelIndex& index) const;


@ -127,7 +127,7 @@ void CTraceView::Refresh()
if(m_pOnlyCurrent->isChecked()) if(m_pOnlyCurrent->isChecked())
Boxes = theGUI->GetBoxView()->GetSelectedBoxes(); Boxes = theGUI->GetBoxView()->GetSelectedBoxes();
QList<CTraceEntryPtr> ResourceLog = theAPI->GetTrace(); QVector<CTraceEntryPtr> ResourceLog = theAPI->GetTrace();
//m_pTraceModel->Sync(ResourceLog, Pids); //m_pTraceModel->Sync(ResourceLog, Pids);
QList<QVariant> Added = m_pTraceModel->Sync(ResourceLog, Boxes.count() == 1 ? Boxes.first().data() : NULL); QList<QVariant> Added = m_pTraceModel->Sync(ResourceLog, Boxes.count() == 1 ? Boxes.first().data() : NULL);


@ -2,8 +2,8 @@
#define VERSION_MJR 0 #define VERSION_MJR 0
#define VERSION_MIN 8 #define VERSION_MIN 8
#define VERSION_REV 7 #define VERSION_REV 8
#define VERSION_UPD 2 #define VERSION_UPD 0
#ifndef STR #ifndef STR
#define STR2(X) #X #define STR2(X) #X