Settings for sandboxing Java via Sandboxie?

Discussion in 'sandboxing & virtualization' started by Hungry Man, Sep 7, 2011.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,713
    This isn't something I have tried. If you have a java sandbox (SBIE), it doesn't matter what non-sandboxed application wants to use the java in the sandbox, the sandbox would have to have access to the real system for it to escape the sandbox at all. How much of the real system, I don't know. Perhaps just the chrome directory, maybe more.

    Sandboxie traps what happens in the sandbox there. What you want to do is a good idea, but limitations I think are what you are up against. At a very basic level, you defeat the purpose of using the sandbox to contain java, as you have to let it out to work with a non-sandboxed process. This would imply that, if you got it to work, the java in the sandbox would have access to whatever it was you made an exception for, which could mean it has free access to modify etc. You could try read only or read/execute but not write access. That might do the trick.

    Theories only on this topic though.

    Sul.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You either run both in the same sandbox or you run both outside of the sandbox. That's how it works.

    Sometime ago, as I've mentioned in Sandboxie's thread created by you, I've suggested precisely what you want to achieve. But, it's not possible for now.

    When you run your web browser, it's calling Java's plugin, etc. Java is being forced to its sandbox. Unless I'm missing something, there would never exist the needed interaction between the browser and Java. That's not how it works.

    -edit-

    As Sully mentioned you could try to open holes in the sandbox and see what would come out of that, but it would beat the purpose of using Sandboxie, in the first place.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    Guess I'll stick to Comodo for sandboxing Java. Thanks for the input, in class so I haven't read it all.

    EDIT: The part that confuses me is that I've opened ALL of the holes I can in Sandboxie. Still crashes. I've given literally full access to the entire system.

    Somehow Comodo works (and protects against java exploits.)
     
Thread Status:
Not open for further replies.