Open a program unsandboxed from within a sandboxed browser?

Discussion in 'sandboxing & virtualization' started by discs, Jul 9, 2012.

Thread Status:
Not open for further replies.
  1. discs

    discs Registered Member

    Joined:
    May 17, 2011
    Posts:
    41
    Location:
    UK
    Hi,

    I am attempting to set up a simple way for my wife to work within a sandboxed browser she can get used to (Firefox) while ensuring that when accessing certain sensitive sites these are opened for her automatically in another unsandboxed browser window (which can be IE, Chrome or Firefox) under the control of Trusteer Rapport (which as you probably know does not run in Sandboxie).

    [Because the sensitive sites may be accessed many times in a day, the idea here is that there isn't the burden to constantly keep in mind that a certain number of sites require Trusteer Rapport protection, and then to consider manually switching back and forth between browsers].

    At present the Firefox addon IE View Lite (https://addons.mozilla.org/en-US/firefox/addon/ie-view-lite/) enables me to specify a list of sites which when called in a sandboxed Firefox will automatically open in Internet Explorer. This works well - and all the 'sensitive' sites automatically open in IE. But they open sandboxed - so that the Trusteer Rapport functionality needed is missing.

    I have already presented the above issue on the Sandboxie forum and the reply I got was: There's no way for a [Sandboxie] sandboxed program to start and run an unsandboxed program, at least not at this time.

    As you may be able to appreciate I would like my wife to ordinarily run her browser in a sandboxed Firefox - but then to simply trigger an unsandboxed browser (window) which will activate Trusteer Rapport.

    Is there an alternative sandboxing approach to this issue? I do realise Sandboxie is in a class of its own - but to simplify things for my wife I would be willing to consider some other approach/program to resolve this issue.

    Thank you.

    Windows 7 Home Premium (64bit); Sandboxie 3.72; Firefox 13; IE9; Google Chrome 20
     
    Last edited: Jul 9, 2012
  2. AFAIK this can't be done and shouldn't be implemented. At any rate I don't see how it could possibly be implemented without seriously compromising the sandbox's security.
     
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I can see why in your case it'd be useful,however such a feature would represent a serious security hole that could be exploited by malware.The whole purpose of a sandbox is containment and isolation.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Why don't you just set up two different web browsers or the same browser, but having two main processes, say firefox_r.exe (r stands for regular) and firefox_s.exe (s stands for sensitive). Force firefox_r.exe to open in Sandboxie, and don't force firefox_s.exe. I would restrict firefox_s.exe connections only to those sensitive services, though.

    Or, your wife could use Firefox under Sandboxie, and Google Chrome only for those sensitive services. But, once again, I'd restrict connections only to those sensitive services. Google Chrome has a command line switch called --host-rules. Search the forum for my nickname and --host-rules, and you'll find a couple threads with examples on how to achieve such.

    This way, your wife would still benefit from Trusteer Rapport.
     
  5. discs

    discs Registered Member

    Joined:
    May 17, 2011
    Posts:
    41
    Location:
    UK
    Thanks a lot for your various views and inputs.

    Since I wrote the original post here, tzuk - Sandboxie's creator - has come back to me on the Sandboxie forum - http://www.sandboxie.com/phpbb/viewtopic.php?p=81952#81952 - with the following helpful response:

    "There is no way to configure something like that in Sandboxie, but there is a contributed utility that might let you do that: http://www.sandboxie.com/phpbb/viewtopic.php?t=12544"

    Well, thanks to tzuk's advice and to Carl the creator of a utility called Sandboxie Reflector, I have been able to achieve exactly what I posited in my original post, for:

    my wife to work within a sandboxed browser she can get used to (Firefox) while ensuring that when accessing certain sensitive sites [in sandboxed Firefox] these are opened for her automatically in another unsandboxed browser window (which can be IE, Chrome or Firefox) under the control of Trusteer Rapport (which as you probably know does not run in Sandboxie).

    I recognise that this is an unorthodox use of Sandboxie, but 'needs must', and it is done with good intention without, I trust, unduly compromising Sandboxie's security and reputation!

    Thanks again, for your interest in my original question :).
     
Loading...
Thread Status:
Not open for further replies.