is this a hole in sandboxie?

Thanks m00nbl00d. I was not aware of Tzuk's comment!

 

just additional info:

if you create the long path folder inside Sandbox container folder (C:\Sandbox\User\Default\longfoldernameHERE\myPOC.pdf)

it won't execute for some reason, so I think it's not critical.

-----------------------

the "file-running-unsandboxed" hole only happens if the file-to-be-executed is placed on a long path directory anywhere outside Sandboxie container folder.

EXE files will give SBIE2205 Service not Implemented: LoadedModules message from Sandboxie.

affected feature(s):
Forced Folders

 

A couple of questions:

1. Re sbie problem: What foldername length (how many characters) must one exceed for the problem to appear?

2. Generally: Is there a way (a registry fix?) in XP/win7 to have windows limit the number of characters in naming a folder?

Thanks

 

Thanks for that quote moonblood.

Interesting discussion, but I must say I've instinctively never relied on the 'forced folders' for non executables either. It seemed too indirect.

All the major media/document file extensions other than images have their programs running in a Sandbox so it's not much of an issue for me. Good on whomever for identifying the weakness though.