Sandboxie-Plus 1.0.8

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Jan 18, 2022.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @DavidXanatos
    Found a bug at the moment of trying to remove a sandbox.

    A progress dialog pops up and keeps running forever?
    Then I click little x button to close it and it disappears along with the sandbox.

    Discovered on 1.0.8 not sure if previous versions are ill too...
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Similar: https://github.com/sandboxie-plus/Sandboxie/issues/1562
     
  3. 100

    100 Registered Member

    Joined:
    Nov 21, 2020
    Posts:
    34
    Location:
    -
    I can confirm this with:
    Windows 7 x64
    Sandboxie classic 5.55.8 (x64)
    1600 x 1200 (100 %)

    It occurs with all maximized windows, completely independent of the origin of the window.

    With a maximized window on the main monitor (left), the border is in the taskbar and on the right it is already on the second monitor. For a window maximized on the second monitor (right), it is on the left on the right edge of the first (left) monitor.

    Sandboxie_border_1.jpg

    Sandboxie_border_2.jpg
     
    Last edited: Jan 24, 2022
  4. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    I have to think about it, the obvious issue is that we don't track all processes, perhaps we could mark and track the process started with the unsandboxed check and its child precesses to exclude them from forced processes.
    But IDK. how the updaters do their thing, chrome has a service, when the browser in the end is started by that updater service and not by the manually run updater that would cause issues.
    The best thing is just to use the disable forced programs option when running the updater, thats reliable imho.
     
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    this is a valuable insight into that issue, and it gives me an idea how to fix it
     
  7. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    border issue will be fixed in next build
     
  8. 100

    100 Registered Member

    Joined:
    Nov 21, 2020
    Posts:
    34
    Location:
    -
    Thank so much, David! :thumb:
     
  9. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Thanks for elaborating on the difficulties of such an effort. Marking those child-processes sounds like a good idea. Or perhaps it might be even easier to add another checkbox to that "Run outside Sandbox"-dialog which, if checked, would pause sandboxing just for the next time such a (pseudo-)sandbox would be started, controlled by a simple counter.

    So that checkbox would set a counter to 1 - which would trigger the next (one) Sandbox opened thereafter to work as an inactive pseudo-Sandbox and until it would close down again - all Sandboxing-operations would be suspended.
     
    Last edited: Jan 24, 2022
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,938
    Location:
    UK
    I don't see what is wrong with just updating outside of the sandbox.
    We've always done it this way (at least I have)
    Asking for work arounds sound like a way of punching holes in the sandbox and making a lot of hard work for the dev which could lead to
    other issues.
    I'm okay with it the way it is (but that's just my opinion as a user)
     
  11. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Yes, I agree. It's become so routine to disable forced programs, do the update and close/re-open the browser that it's almost second-nature. Just a basic user but I appreciate the security value in doing the update this way.
     
  12. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    336
    I'd rather continue updating programs outside sandboxie like one a month (most get even less updates) than introducing unnecessary risks. Maybe just create an popup how updates could/should be done than opening that can of worms.
     
  13. sevenstar

    sevenstar Registered Member

    Joined:
    Oct 19, 2010
    Posts:
    54
    I also would prefer to update any program outside of the sandbox.
     
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
  16. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    No one does nor could do updates in SD's shadow mode, DF's frozen mode, or while wrapped up in a VM. It's not like somebody's going to jump out from under your bed and run out the door with your computer in tow because it was time for routine maintenance.
     
  17. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    596
    Location:
    Austria
    I agree too with this statement and all the similar above comments by other users.
     
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    in special for firefox (in special the portable build) malware is able to fake the updater and cause a lot of trouble this way. from my view: No.
     
  19. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Maybe you - and apparently many others here - have done so. For my part I haven't. Until about March 2021 Chrome and Opera could be updated successfully and entirely from within the sandbox with a template allowing direct access to the browsers config files (preferences, bookmarks, history etc.)
    No holes as that kind of update outside the box would have to be triggered manually and purposefully by the user.
     
  20. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Well, Chrome gets updated automatically, even running within the Sandbox, but instead of a successful update gets crippled that way. You can only disable forced programs intentionally and beforehand if you know exactly when that update is going to be triggered.

    Besides what would be the "added security value"? According to my proposal NOTHIG WOULD CHANGE except a user would purposefully and intentionally trigger the update the special way I've proposed.
     
  21. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Opera gets updated once a week, although not necessarily automatically. And Chrome more often than once a month, too, albeit constituting the bigger problem because of the unpredictable point in time such an upgrade is triggered. And what "can of worms" are you talking about? My proposed "special upgrade mode" would have to be triggered manually and intentionally and would never be executed until the user chooses to do so. In other words - if you don't like it, don't ever use it and continue to handle your upgrades exactly as before.
     
  22. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Same here. Don't use the "special upgrade mode" I proposed and continue to do it the way you prefer and/or did before.
     
  23. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Same here. Don't use the "special upgrade mode" I proposed and continue to do it the way you prefer and/or did before.
     
  24. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    No clue what you're talking about. To do the upgrade all seem to agree here that for that process to run successfully you will have to complete it unsandboxed with all the possible risks of running a process directly on the physical machine without any virtualization.

    However SB with active "forced-folders"-mode will not allow that to happen. So to run that upgrade-process outside of the box the "forced-folders"-mode will have to be disabled first - and re-enabled after completion.

    My proposal just suggests another - IMHO more convenient - way to do exactly that. Only that instead of dis- and subsequent re-enabling it would offer an additional way TO PAUSE "forced folders" for exactly one instance of subsequent sandboxed processes with the exactly same result as the conventional method you all seem to be defending. That is the subsequent browser-launch would occur outside of the sandbox, quite the same way as with "forced-folders" disabled.

    And furthermore if you don't like the new was or don't trust ii - then simply don't use it. And nothing will change for you.
     
  25. algol1

    algol1 Registered Member

    Joined:
    Aug 10, 2020
    Posts:
    337
    Location:
    Vienna, Austria
    Well, then simply don't use this new feature should it ever be implemented in the proposed or even a better way which @DavidXanatos might still come up with. ;-)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.