1.0.7
This commit is contained in:
parent
54580a8548
commit
dbef080740
|
@ -5,10 +5,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
|
||||
|
||||
|
||||
|
||||
## [1.0.7 / 5.55.7] - 2022-01-??
|
||||
|
||||
### Added
|
||||
- added experimental option "CreateToken=y" ability to create a new token instead of restricting an existing one
|
||||
- added experimental option "CreateToken=y" ability to create a new token instead of repurposing an existing one
|
||||
- added option "DisableRtClsBlacklist=y" allowing to disable the hardcoded runtime class blacklist
|
||||
|
||||
### Changed
|
||||
- reworked syscall invocation code in the driver
|
||||
|
@ -16,7 +18,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
### Fixed
|
||||
- Win32k hooking is now compatible with HVCI [#1483](https://github.com/sandboxie-plus/Sandboxie/issues/1483)
|
||||
- fixed memory leak in driver (conf_user.c)
|
||||
- fixed issue with file renaming in open paths introduced in 1.0.6
|
||||
- fixed issue chromium browsers not closing properly [#1496](https://github.com/sandboxie-plus/Sandboxie/issues/1496)
|
||||
|
||||
### Removed
|
||||
- removed OpenToken as its only a shorthand for UnrestrictedToken=y and UnfilteredToken=y set together
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -3505,13 +3505,18 @@ _FX void Com_LoadRTList(const WCHAR* setting, WCHAR** pNames)
|
|||
|
||||
_FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
|
||||
{
|
||||
if ((Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) == 0) { // in complartment mode those should work fine as we have a normal token
|
||||
//
|
||||
// Even in compartment mode thes things don't work only incombination with open COM its functional
|
||||
//
|
||||
|
||||
if (!(Ipc_OpenCOM && (Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) != 0) && !SbieApi_QueryConfBool(NULL, L"DisableRTBlacklist", FALSE)) {
|
||||
|
||||
//
|
||||
// Chrome uses the FindAppUriHandlersAsync, which fails returning a NULL value when we don't have com open and more rights
|
||||
// than we should have. Chrome does not check for this failure mode and dereferences it, resulting in a fatal crash.
|
||||
// Since we don't support modern app features anyways, the simplest workaround is to block this interface.
|
||||
//
|
||||
|
||||
if (Dll_ImageType == DLL_IMAGE_GOOGLE_CHROME) {
|
||||
|
||||
if (wcscmp(strClassId, L"Windows.System.Launcher") == 0)
|
||||
|
@ -3519,9 +3524,11 @@ _FX BOOLEAN Com_IsClosedRT(const wchar_t* strClassId)
|
|||
}
|
||||
|
||||
//
|
||||
// this seems to be broken as well
|
||||
//if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)
|
||||
// return TRUE;
|
||||
// ToastNotificationManager requirers open com and original token, with boxed com this causes in a dead lock
|
||||
//
|
||||
|
||||
if (wcscmp(strClassId, L"Windows.UI.Notifications.ToastNotificationManager") == 0)
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static const WCHAR* setting = L"ClosedRT";
|
||||
|
|
Loading…
Reference in New Issue