DavidXanatos 2022-10-24 22:05:58 +02:00
parent b629fe31a4
commit d2301a5f52
9 changed files with 59 additions and 43 deletions


@ -15,6 +15,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- properly fixed the Firefox 106 issue [46e9979](https://github.com/sandboxie-plus/Sandboxie/commit/46e99799e2b753b85224dc921ec141a05025acfd)
- fixed issue with alternative UI modes [#2380](https://github.com/sandboxie-plus/Sandboxie/issues/2380)
- fixed command line corruption with breakout processes [#2377](https://github.com/sandboxie-plus/Sandboxie/issues/2377)
- fixed issues with Privacy Enchanced box types
## [1.5.0 / 5.60.0] - 2022-10-19


@ -75,7 +75,7 @@ _FX BOOLEAN CustomizeSandbox(void)
if ((Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
Key_CreateBaseKeys();
//Key_CreateBaseKeys();
Key_CreateBaseFolders();
}
@ -920,7 +920,11 @@ _FX HANDLE OpenExplorerKey(
InitializeObjectAttributes(
&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenKey(&HKey_Root, KEY_READ, &objattrs);
status = Key_OpenOrCreateIfBoxed(&HKey_Root, KEY_READ, &objattrs);
if (status == STATUS_BAD_INITIAL_PC) {
*error = 0;
return INVALID_HANDLE_VALUE;
}
if (status != STATUS_SUCCESS) {
*error = 0x99;
@ -934,7 +938,11 @@ _FX HANDLE OpenExplorerKey(
RtlInitUnicodeString(&uni, _Explorer);
InitializeObjectAttributes(
&objattrs, &uni, OBJ_CASE_INSENSITIVE, HKey_Root, NULL);
status = NtOpenKey(&HKey_Explorer, KEY_READ, &objattrs);
status = Key_OpenOrCreateIfBoxed(&HKey_Explorer, KEY_READ, &objattrs);
if (status == STATUS_BAD_INITIAL_PC) {
*error = 0;
return INVALID_HANDLE_VALUE;
}
NtClose(HKey_Root);
@ -951,9 +959,7 @@ _FX HANDLE OpenExplorerKey(
InitializeObjectAttributes(
&objattrs, &uni, OBJ_CASE_INSENSITIVE, HKey_Explorer, NULL);
status = Key_OpenOrCreateIfBoxed(
&HKey_Subkey, KEY_ALL_ACCESS, &objattrs);
status = Key_OpenOrCreateIfBoxed(&HKey_Subkey, KEY_ALL_ACCESS, &objattrs);
if (status == STATUS_BAD_INITIAL_PC) {
*error = 0;
return INVALID_HANDLE_VALUE;
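Review bot: In the second OpenExplorerKey hunk the new `STATUS_BAD_INITIAL_PC` early return sits above `NtClose(HKey_Root)`, so the root key handle opened just before it is leaked whenever the Explorer key open reports that status. Move `NtClose(HKey_Root);` directly above the new `if (status == STATUS_BAD_INITIAL_PC)` check, or close the handle inside the new branch before returning. The existing early return after the `HKey_Subkey` open, which this commit only reflows, raises the same question for `HKey_Explorer`. Both parent keys are now opened through `Key_OpenOrCreateIfBoxed` with `KEY_READ`; if that helper can create the key inside the box, as its name suggests, a one-line comment saying so would help. OpenExplorerKey starts and ends outside these hunks.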


@ -478,14 +478,10 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
exact = FALSE;
wildc = -1; // lower is better
match_len = 0;
if ((path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
mp_flags = PATH_WRITE_FLAG; // write path mode
}
else {
mp_flags = 0; // normal mode
}
//if (use_privacy_mode)
// mp_flags = PATH_WRITE_FLAG; // write path mode
//else
// mp_flags = 0; // normal mode
//
// ClosedXxxPath
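Review bot: After this hunk no live assignment to `mp_flags` is left at the top of SbieDll_MatchPath2, because both branches were removed and the replacement is commented out in full, including `// mp_flags = 0; // normal mode`. Unless the declaration outside the hunk initializes it, or every later path assigns it before it is read, the function works with an indeterminate flag set, and that value decides how a path is classified. Keep `mp_flags = 0; // normal mode` as live code and delete the commented block, which also refers to a `use_privacy_mode` name that the removed code did not use. The function body continues outside the hunk.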


@ -1705,7 +1705,7 @@ SkipReadOnlyCheck:
RtlInitUnicodeString(&objname, TruePath);
status = __sys_NtOpenKey(KeyHandle, Wow64KeyReadAccess, &objattrs);
status = SbieApi_OpenKey(KeyHandle, TruePath);
*BackslashPtr = L'\\';
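Review bot: The replacement call drops the requested access mask: `__sys_NtOpenKey` was given `Wow64KeyReadAccess`, while `SbieApi_OpenKey(KeyHandle, TruePath)` receives only the path, so the rights on the returned handle and the WOW64 registry view are no longer stated at the call site. Judging by its name, `TruePath` refers to the key outside the box, so add a comment recording what access the call yields, e.g. `// opened via SbieApi; handle expected to be read-only - confirm`. Also check that 32-bit processes still see the same view. `RtlInitUnicodeString(&objname, TruePath)` on the line above may now be unused by this call. The enclosing function lies outside the hunk.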


@ -56,7 +56,7 @@ _FX NTSTATUS Key_OpenIfBoxed(
ULONG mp_flags = SbieDll_MatchPath(L'k', name);
if (mp_flags)
if ((mp_flags & ~PATH_WRITE_FLAG) != 0)
status = STATUS_BAD_INITIAL_PC;
else
status = NtOpenKey(out_handle, access, objattrs);
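Review bot: The new condition `(mp_flags & ~PATH_WRITE_FLAG) != 0` has no comment explaining why a match carrying only `PATH_WRITE_FLAG` now falls through to `NtOpenKey` instead of returning `STATUS_BAD_INITIAL_PC`. A line above the `if` such as `// a write-path match alone does not skip the boxed open; any other match flag does` would record the intent, with the wording to be confirmed by the author. The unbraced `if`/`else` is worth bracing while this line is being touched. Key_OpenIfBoxed continues outside the hunk.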


@ -1450,10 +1450,8 @@ finish:
if (cancelled)
err = ERROR_CANCELLED;
}
else
{
SbieApi_Log(2226, L"%S [%S]", Dll_ImageName, Dll_BoxName);
}
//else
// SbieApi_Log(2226, L"%S [%S]", Dll_ImageName, Dll_BoxName);
}
/*if ((! ok) && (err == ERROR_ELEVATION_REQUIRED)) {
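Review bot: The `else` branch that emitted log message 2226 with `Dll_ImageName` and `Dll_BoxName` is commented out rather than removed, and nothing in the hunk says why the message is no longer wanted. If it was noise for a case that is now expected, delete the lines and state that in the commit text; if it reported a failure, that case now passes without any record. The enclosing function and the condition this `else` belonged to are outside the hunk.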


@ -797,6 +797,13 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
#ifdef USE_MATCH_PATH_EX
ok = Process_GetPaths(proc, write_file_paths, _WritePath, TRUE);
if (ok && proc->use_privacy_mode) { // in privacy mode all drive paths are set to "write"
for (i = 0; drive_devices[i] && ok; ++i) {
ok = Process_AddPath(proc, write_file_paths, NULL,
TRUE, drive_devices[i], FALSE);
}
}
#else
ok = Process_GetPaths2(
proc, write_file_paths, closed_file_paths,
@ -833,15 +840,10 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
}
}
if (ok) {
if (ok && !proc->use_privacy_mode) { // when not in privacy mode we need to set drive paths to "normal"
for (i = 0; drive_devices[i] && ok; ++i) {
if (proc->use_privacy_mode) { // in privacy mode the default for drives is not "normal" but "write"
ok = Process_AddPath(
proc, write_file_paths, NULL, FALSE, drive_devices[i], FALSE);
} else {
ok = Process_AddPath(
proc, normal_file_paths, NULL, FALSE, drive_devices[i], FALSE);
}
ok = Process_AddPath(
proc, normal_file_paths, NULL, FALSE, drive_devices[i], FALSE);
}
}
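Review bot: In File_InitPaths the privacy-mode drive entries are now added only inside `#ifdef USE_MATCH_PATH_EX` (first hunk), while the second hunk skips the normal-path loop whenever `proc->use_privacy_mode` is set. If a build without `USE_MATCH_PATH_EX` can still set `use_privacy_mode`, the drives end up in neither list; whether the second hunk sits under the same `#ifdef` is not visible here. The moved `Process_AddPath` call also changes its fourth argument from `FALSE` to `TRUE` without comment. A note on what that flag selects, and why the write-path entries differ from the normal-path ones, would make the change reviewable. The function body extends beyond both hunks.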


@ -242,12 +242,16 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
static const WCHAR *_WritePath = L"WriteKeyPath";
#ifdef USE_MATCH_PATH_EX
static const WCHAR *normalpaths[] = {
L"HKEY_LOCAL_MACHINE\\*",
//L"HKEY_LOCAL_MACHINE\\*",
//L"HKEY_CURRENT_USER\\software\\Microsoft\\*",
//L"HKEY_CURRENT_USER\\software\\WOW6432Node\\Microsoft\\*",
//L"\\REGISTRY\\USER\\*_Classes\\*",
NULL
};
static const WCHAR *writepaths[] = {
L"\\REGISTRY\\USER\\*",
NULL
};
#endif
static const WCHAR *openkeys[] = {
// Application Hives
@ -273,7 +277,6 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
}
if (ok && proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
TRUE, normalpaths[i], FALSE);
@ -341,6 +344,13 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
#ifdef USE_MATCH_PATH_EX
ok = Process_GetPaths(proc, &proc->write_key_paths, _WritePath, TRUE);
if (ok && proc->use_privacy_mode) {
for (i = 0; writepaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->write_key_paths, NULL,
TRUE, writepaths[i], FALSE);
}
}
#else
ok = Process_GetPaths2(
proc, &proc->write_key_paths, &proc->closed_key_paths,
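Review bot: With `L"HKEY_LOCAL_MACHINE\\*"` commented out, `normalpaths` holds only `NULL`, so the `for (i = 0; normalpaths[i] && ok; ++i)` loop in the second hunk never runs. Of the lines visible here, only the new `writepaths` entry `L"\\REGISTRY\\USER\\*"` still adds a privacy-mode key path. That pattern matches every key under `\REGISTRY\USER`, not only the sandboxed user's hive. If that is intended, say so on the array, e.g. `// privacy mode: all user hives are write paths, machine keys keep the default mode`. The four commented-out strings and the now dead loop should be removed or explained. Key_InitProcess extends beyond these hunks.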


@ -947,7 +947,8 @@ _FX ULONG Process_MatchPathEx(
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_CLOSED_FLAG;
}
else if (!proc->use_privacy_mode || path_code == L'i') {
//else if (!proc->use_privacy_mode || path_code == L'i') {
else {
//
// in normal sandbox mode we have read access to all locations unless restricted,
@ -956,18 +957,20 @@ _FX ULONG Process_MatchPathEx(
mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG; // normal mode
}
else {
//
// in privacy mode we only have read access to selected generic locations,
// and read access to user data must be explicityl grated,
// also all writes are redirected to the sandbox
//
// To enable privacy enchanced mode add UsePrivacyMode=y
//
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
}
//else {
//
// //
// // in privacy mode we only have read access to selected generic locations,
// // and read access to user data must be explicityl grated,
// // also all writes are redirected to the sandbox
// //
// // Note: as of 1.5.1 all locations are locked down explicitly while the root mode remains normal
// //
// // To enable privacy enchanced mode add UsePrivacyMode=y
// //
//
// mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
//}
//
// closed path list, in non specific mode has the higher priority
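Review bot: Replacing `else if (!proc->use_privacy_mode || path_code == L'i')` with a bare `else` makes `TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG` the fallback in privacy mode as well. Isolation then depends on the explicit write-path entries being complete rather than on a closed default. Judging by the other files in this commit, those entries are the `drive_devices` paths and `\REGISTRY\USER\*`, so anything outside them would fall back to read access in a privacy box. Please confirm that this is acceptable for paths not under a drive device, or keep a closed fallback for them. The retired branch remains as fourteen commented lines and the live comment still says "in normal sandbox mode"; replace both with a short comment describing the 1.5.1 behaviour. Process_MatchPathEx continues outside the hunk.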