1.7.2

2023-02-04 14:26:14 +01:00 · 2023-02-04 14:26:14 +01:00 · fd84d426ac
parent 92b767ccae
commit fd84d426ac
5 changed files with 41 additions and 36 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,10 +14,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).

 ### Fixed
 - fixed delete v1/v2 display now respects global presets
- Avoid blocking the Explorer when dragging [#2660](https://github.com/sandboxie-plus/Sandboxie/pull/2660)
+- avoid blocking the Explorer when dragging [#2660](https://github.com/sandboxie-plus/Sandboxie/pull/2660)
 - fixed issue with QtSingleApp [#2659](https://github.com/sandboxie-plus/Sandboxie/issues/2659)
 - fixed updater sometimes failing to create temp dir [#2615](https://github.com/sandboxie-plus/Sandboxie/issues/2615)
- fixed issue with snapshot removal [2663](https://github.com/sandboxie-plus/Sandboxie/issues/2663)
+- fixed issue with snapshot removal [#2663](https://github.com/sandboxie-plus/Sandboxie/issues/2663)
+- fixed issue with symbolicl inks [#2606](https://github.com/sandboxie-plus/Sandboxie/issues/2606)



--- a/Sandboxie/core/drv/file.c
+++ b/Sandboxie/core/drv/file.c
@ -556,7 +556,6 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
    LIST *open_file_paths, LIST *closed_file_paths,
    LIST *read_file_paths, LIST *write_file_paths)
 {
-    static const WCHAR *_PstPipe = L"\\Device\\NamedPipe\\protected_storage";
 #ifdef USE_MATCH_PATH_EX
    static const WCHAR *_NormalPath = L"NormalFilePath";
 #endif
@ -731,6 +730,10 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,

    if (ok && Conf_Get_Boolean(
                proc->box->name, Driver_OpenProtectedStorage, 0, FALSE)) {
+				
+        static const WCHAR *_PstPipe = 
+            L"\\Device\\NamedPipe\\protected_storage";
+				
        ok = Process_AddPath(
                proc, open_file_paths, NULL, TRUE, _PstPipe, FALSE);
    }
@ -740,7 +743,7 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
            proc, open_file_paths, NULL, TRUE, openpipes[i], FALSE);
    }

-    if (proc->bAppCompartment) {
+    if (ok && proc->bAppCompartment) {
        for (i = 0; openPipesCM[i] && ok; ++i) {
            ok = Process_AddPath(
                proc, open_file_paths, NULL, TRUE, openPipesCM[i], FALSE);
@ -851,14 +854,13 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
        }
    }

-
 #ifdef USE_MATCH_PATH_EX

    //
    // setup access restrictions to \Device\
    //

-    if (proc->restrict_devices) {
+    if (ok && proc->restrict_devices) {

        //
        // many 3rd party drivers are a great attack vector to gain execution in the kernel, 
@ -872,10 +874,6 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
                ok = Process_AddPath(
                    proc, normal_file_paths, NULL, FALSE, approved_devices[i], FALSE);
            }
-            if (ok && !proc->file_block_network_files) {
-                ok = Process_AddPath(
-                    proc, normal_file_paths, NULL, FALSE, File_Mup, TRUE);
-            }
        }

        if (ok && !proc->use_privacy_mode) { // when not in privacy mode we need to set drive paths to "normal"
@ -885,13 +883,22 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
            }
        }

-        if (! ok) {
-            Log_MsgP1(MSG_INIT_PATHS, Driver_Empty, proc->pid);
-            return FALSE;
+        if (ok && !proc->file_block_network_files) {
+            ok = Process_AddPath(
+                proc, normal_file_paths, NULL, FALSE, File_Redirector, TRUE);
+            if (ok) {
+                ok = Process_AddPath(
+                    proc, normal_file_paths, NULL, FALSE, File_Mup, TRUE);
+            }
        }
    }
 #endif

+    if (! ok) {
+        Log_MsgP1(MSG_INIT_PATHS, Driver_Empty, proc->pid);
+        return FALSE;
+    }
+
    //
    // if this is a Sandboxie program (like SandboxieRpcSs), don't allow
    // the Windows compatibility (shim) DLLs to be loaded
--- a/Sandboxie/core/drv/ipc.c
+++ b/Sandboxie/core/drv/ipc.c
@ -440,6 +440,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
        L"*\\BaseNamedObjects*\\ShimCacheMutex",
        L"*\\BaseNamedObjects*\\ShimSharedMemory",
        L"*\\BaseNamedObjects*\\SHIMLIB_LOG_MUTEX",
+        L"*\\BaseNamedObjects*\\msgina: ReturnToWelcome",
        L"\\Security\\LSA_AUTHENTICATION_INITIALIZED",
        L"\\LsaAuthenticationPort",
        L"\\NlsCacheMutant",
@ -638,7 +639,6 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
    ok = Process_GetPaths(proc, &proc->normal_ipc_paths, _NormalPath, FALSE);

    //if (ok && proc->use_privacy_mode) {
-    // 
    //    for (i = 0; normalpaths[i] && ok; ++i) {
    //        ok = Process_AddPath(proc, &proc->normal_ipc_paths, NULL,
    //                          TRUE, normalpaths[i], FALSE);
@ -732,13 +732,6 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
        }
    }

-    if (ok) {
-        static const WCHAR *_ReturnToWelcome =
-            L"*\\BaseNamedObjects*\\msgina: ReturnToWelcome";
-        ok = Process_AddPath(proc, &proc->open_ipc_paths, NULL,
-                             FALSE, _ReturnToWelcome, FALSE);
-    }
-
    if (! ok) {
        Log_MsgP1(MSG_INIT_PATHS, _OpenPath, proc->pid);
        return FALSE;
--- a/Sandboxie/core/drv/key.c
+++ b/Sandboxie/core/drv/key.c
@ -271,10 +271,6 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
    //

    ok = Process_GetPaths(proc, &proc->normal_key_paths, _NormalPath, TRUE);
-    if (! ok) {
-        Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
-        return FALSE;
-    }

    if (ok && proc->use_privacy_mode) {
        for (i = 0; normalpaths[i] && ok; ++i) {
@ -314,6 +310,11 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
            proc, &proc->open_key_paths, NULL, TRUE, openkeys[i], FALSE);
    }

+    if (! ok) {
+        Log_MsgP1(MSG_INIT_PATHS, _OpenConf, proc->pid);
+        return FALSE;
+    }
+
    //
    // closed paths
    //
@ -360,6 +361,7 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
                proc, &proc->closed_key_paths, _WritePath, TRUE);
    }
 #endif
+
    if (! ok) {
        Log_MsgP1(MSG_INIT_PATHS, _WritePath, proc->pid);
        return FALSE;
--- a/SandboxiePlus/QSbieAPI/Helpers/NtIO.cpp
+++ b/SandboxiePlus/QSbieAPI/Helpers/NtIO.cpp
@ -82,10 +82,15 @@ NTSTATUS NtIo_RemoveJunction(POBJECT_ATTRIBUTES objattrs)
 	status = NtCreateFile(&Handle, GENERIC_WRITE | DELETE, objattrs, &Iosb, 0, 0, FILE_SHARE_READ, FILE_OPEN, FILE_FLAG_OPEN_REPARSE_POINT, 0, 0); // 0x40100080, , , , , 0x00204020
 	if (NT_SUCCESS(status))
 	{
-		REPARSE_DATA_MOUNT_POINT ReparseData = { 0 };
-		ReparseData.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
-		ReparseData.ReparseDataLength = 0;
-		status = NtFsControlFile(Handle, NULL, NULL, NULL, &Iosb, FSCTL_DELETE_REPARSE_POINT, &ReparseData, REPARSE_GUID_DATA_BUFFER_HEADER_SIZE, NULL, 0);
+		REPARSE_DATA_MOUNT_POINT ReparseBuffer = { 0 };
+		status = NtFsControlFile(Handle, NULL, NULL, NULL, &Iosb, FSCTL_GET_REPARSE_POINT, NULL, 0, &ReparseBuffer, sizeof(ReparseBuffer));
+		if (NT_SUCCESS(status))
+		{
+			REPARSE_GUID_DATA_BUFFER ReparseData = { 0 };
+			ReparseData.ReparseTag = ReparseBuffer.ReparseTag;
+			ReparseData.ReparseDataLength = 0;
+			status = NtFsControlFile(Handle, NULL, NULL, NULL, &Iosb, FSCTL_DELETE_REPARSE_POINT, &ReparseData, REPARSE_GUID_DATA_BUFFER_HEADER_SIZE, NULL, 0);
+		}

 		NtClose(Handle);
 	}
@ -145,13 +150,10 @@ NTSTATUS NtIo_DeleteFolderRecursivelyImpl(POBJECT_ATTRIBUTES objattrs, bool (*cb
 		if (FileAttributes & (FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
 			NtIo_RemoveProblematicAttributes(&ntFoundObject.attr);

-		if (FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
-		{
-			if (FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
-				status = NtIo_RemoveJunction(&ntFoundObject.attr);
-			else
-				status = NtIo_DeleteFolderRecursivelyImpl(&ntFoundObject.attr, cb, param);
-		}
+		if (FileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
+			status = NtIo_RemoveJunction(&ntFoundObject.attr);
+		else if (FileAttributes & FILE_ATTRIBUTE_DIRECTORY)
+			status = NtIo_DeleteFolderRecursivelyImpl(&ntFoundObject.attr, cb, param);
 		
 		if (NT_SUCCESS(status))
 			status = NtDeleteFile(&ntFoundObject.attr);