Sandboxie - Drop My Rights

Discussion in 'sandboxing & virtualization' started by metalforlife, May 15, 2009.

Thread Status:
Not open for further replies.
  1. metalforlife

    metalforlife Registered Member

    Joined:
    Mar 29, 2009
    Posts:
    96
    What will dropping rights for sandboxed applications do? Will the programs run in a "LUA-like" environment? If it does, then that should mean that I will not be able to save files to "C:\Program Files\", right? But, I can. Can anyone tell me how?
     
  2. cruchot

    cruchot Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    126
    Location:
    Germany
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    You can save files, but when you run them it is as if you are in safe mode; any executable files will not run properly ;)
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    I do agree that no "Permanent" damage is done, I am not denying that.

    I was just questioning the "Drop My Rights" ability. Because isn't Drop My Rights supposed to be used to run Unknown or Untrustworthy Programs??
    If it can't properly control the behavior of programs such as in the tests we talked about in the some test thread, then what good is it even having the Drop My Rights Feature?
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    And also this is the Main reason why I switched from sandboxie to Defense wall,

    because Defense Wall seems to have a much better ability in controlling the behavior of Untrusted programs than what Drop My Rights in Sandboxie has.

    If you think about it logically, Defense Wall has to be able to control the behavior of Untrusted programs; it is an absolute must, because it doesn't have an anti-executable feature to prevent malware from running, whereas Sandboxie does. It does, however, have a "Stop attack" feature which can terminate any running malware being a nuisance.
     
  7. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I question it also, I think it's useless and poorly programmed. I like Sandboxie overall and use the run access settings to handle any unknown or unwanted exe files. I did ask about it at their forum but just got brushed off as if I was asking about something the dev didn't want to talk about (or knew little about) - but it was no biggie. Would an LUA/SRP have handled those "Stop Tests"? I am not too good on LUA. I know it limits what can be installed, and where, but those exe files didn't need any install - they were standalone, if I remember correctly. But like I said, I am not too up on LUA.
     
  8. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I stated that "I question it also, I think it's useless and poorly programmed" in direct response to Arran also questioning the Drop Rights feature of Sandboxie. So it should be fairly obvious that since I went on to say that I did use the program and said good things about it, that I meant that my opinion was that the Drop Rights feature was useless and poorly programmed. If you want to infer that I said the entire program was useless and poorly programmed, there is nothing I can do about that.
     
  9. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Good question, I don't believe anyone tested them with LUA/SRP. It will be interesting to find out, I'm not too up on LUA either.

    He is not saying that all of Sandboxie as a whole is useless and poorly programmed, just the "drop my rights feature".

    We are not denying that there is no known malware which can cause permanent damage, we are just questioning the Drop My Rights abilities.
     
  10. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    See here;
    http://www.sandboxie.com/index.php?VersionChanges#v_3_34
    Sandboxie version 3.34 released Jan 5, 2009

    Then on Jan 8, 2009 (a mere 3 days later)

    http://sandboxie.com/phpbb/viewtopic.php?p=30929#30929

    Tzuk;
    So forgive me if I have little faith in the Drop Rights feature of Sandboxie.....
     
  11. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Well (opinion) it's useless from the standpoint that you are already in a sandbox - nothing can install into Program Files or Windows (the real ones I mean) or drivers or services etc etc. If you want LUA in addition to Sandboxie, it is right there in Windows for you to set up ..... if the word 'useless' is too much - how about 'Less than useful'? lol ;) On top of that is the run access settings ........
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    The whole Drop My Rights concept is useless if what is being run doesn't require administrative privileges to run in the first place. Isn't magic.

    Pete
     
  13. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Ah, I knew I could find the comment that bothered me;

    http://sandboxie.com/phpbb/viewtopic.php?p=30903#30903

    tzuk -
    So ... things can be created in the 'Sandboxed\Windows' directory - so my question remains, wth? And my opinion stands, ... useless.

    Now, here is where my issue is; Let's say that you are not using Sandboxie. You have LUA in effect. You come across a drive-by keylogger that absolutely needs to install itself in the Windows folder. In this case, it can not install.

    Same situation, using Sandboxie; The keylogger is in Sandbox\Windows but thinks it is in Windows. Windows thinks you are installing the keylogger into C:\Sandbox.. and allows it. Both Windows and Sandboxie are helping to allow the keylogger now. You would have to take it upon yourself to include the Sandbox folder in a SRP. So let's say that you do that, what at this point do you need the Sandboxie DropRights to do?

    Let's say that you are running as Admin, and using the Sandboxie Drop Rights .... well, by the dev's own words... the install will be allowed, in the Sandbox\Windows folder.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Useless is the wrong word. Not necessary is more accurate. First, have you tried installing a keylogger in the sandbox? If it has to install a driver or start a service, the install will probably fail. I've tried installing security software that needs to do these things and the install fails.

    Secondly so a keylogger is installed in the sandbox. Before doing any secure browsing, just empty the sandbox. End of story.

    Pete
     
  15. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    All true, and makes the sandboxie drop rights ... 'not necessary'. Use the Sandboxie run access settings instead.
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If you understand what security descriptors and tokens are, do you still say 'not necessary'? For the layman using SB, it is already a good product without this feature.

    If you are logged in LUA, you need not worry anyway. If you are logged in Admin, use SRP to restrict browser to Basic User level, and then don't worry. Just enjoy the fact that what normally would be restricted with browser is now blissfully available inside the sandbox due to where its file path is. Nothing better than the browser being restricted yet the user not feeling the restriction.

    Sul.
     
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    In my opinion the Drop-My-Rights thingie wasn't really needed, tzuk just wanted to add yet another layer to his protection. Sandboxie was already close to perfect, at least in my opinion, without DMR, but adding other layers, no matter how "soft", cannot hurt things. Dropping ones rights is not the purpose of Sandboxie, just a "fancy" feature. There are other ways of dropping the rights, tzuk just made it easier for those who are using his program. :cool:

    Acadia
     
  18. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I am only trying to STAY ON TOPIC, and maybe someone then can answer the OP's first question?
    Of course, the fact is that we are talking about something that is running in the sandbox. So, over and above running in the sandbox - what does it add? Already, drivers and services are not allowed. An LUA with or without SRP is not even in this equation. Keyloggers that can not install because they need a driver are not in this equation. Emptying the sandbox periodically is not in the equation. Whether or not Sandboxie is a good or poor program is not in this equation. Any other workarounds that anyone thinks of are also not in this equation.

    Pure and simple - over and above the fact of what a program can do in the sandbox - what does the Drops Rights accomplish?
     
  19. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I gotta get to work guys, good luck. BTW, the answer is psst... nothing. ;)
     
  20. Gizzy

    Gizzy Registered Member

    Joined:
    Oct 5, 2007
    Posts:
    149
    Location:
    NJ, USA
    I don't really know what it does but there have been cases where I tried to install things in sandboxie with it enabled and the install said I needed admin rights to install it, and after disabling it I could install the program.

    So it does restrict some things, I'm just not sure what.
     
  21. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    I would like to know this answer too.
     
  22. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    A process started into a sandbox, whether you shortcut it, drag and drop or force it, will be stripped of any references of Admin or PowerUser, which will make it essentially a process with only user rights.

    Since the default security template in XP's case has now knowledge of a sandbox directory, it is not included in any restrictions. You can write/delete even as a User. So SB's DropRights has no bearing on what is happening that way.

    It would seem correct that the DropRights option would refer to the 'virtual file system' within the sandbox directory, but this is not the case. DropRights is seemingly actually dropping rights of the process, for use in the real file system, not necessarily the virtual one. From what I read anyway that is what it says. Think of it as, if it were to escape, any rights it would have had in the real OS were stripped by SB and it is rendered 'infertile'. This applies to an actual exploit where a process escapes SB and is out for real, or when you have by design created a hole in SB to fulfill recovery or downloading or other need.

    Sul.
     
  23. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Thanks Sully, I appreciate it as you obviously know and understand all of this. Correct me if wrong;
    I assume you mean "no knowledge"? And the Drop Rights feature has no bearing (or less than full bearing) on activities within the sandbox?
    That is a keen observation and may in fact be a benefit of the feature, however I do not think most users realize how limited the benefits of the feature are.

    My statement is that if a user is interested enough to check that checkbox, they would have a concern of doing things right. And it is easy enough (and free) to do it right with other methods.
     
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, correct 'no knowledge'.

    Tzuk himself stated, it was an option he COULD add, so he DID. I don't think it is a matter of SB trying to do something that other methods might do 'more better'. I think it is just a way to remove those rights from a process, leaving it restricted. This restriction it seems, applies to real process. As I said, if this process escapes SB, it is protected. You don't even have to use an 'alternate method', only SB. And it applies to everything.

    Now think about this for a minute, try to see the longer scope. You might use SRP or DMR or whatever to restrict Firefox to a basic user mode. OK, your thinking is why use SB to handle dropped rights when it does not technically work in the SB like it would in the real OS. But, thinking out further. If you use the DR option in SB, then anything started in SB will be a User. Now imagine if that process were to be allowed to interface to the control panel, or a download folder, or someplace in program files or windows. A hole created not by malware or exploit, but by the user who has a custom config to make all his stuff work in SB. With the DR option on, it does not affect what you do in the c:\Sandbox\xyz\xyz folders, but in the real OS. So yes, it does not appear to do much within the Sandbox, but with it, everything is automatically stripped and the restrictions would be felt OUTSIDE the sandbox. Imagine that again, you do nothing except check one box, and ANYTHING started that could ever go OUTSIDE the sandbox would be RESTRICTED.

    I know there are other methods of dropping rights, but I do believe this option in SB, while not probably ever being used by most peeps, still offers a pretty good level of 'what if' protection. To me it is actually a big thing. But then I do look at things as different as I can when I can ;)

    Sandboxie -- you can run as LUA, you can demote a process that runs in SB, you can use SB option DropRights. All of these create a reduced privilege. The beauty, the brilliance, the essence, erm you get it, that GREAT THING about Sandboxie, is that once you start a process in Sandbox, you don't even notice the restrictions! So peeps in this thread, they are confused. Don't be. Restrictions don't apply to virtual (or should be pseudo virtual) file systems. You can pretty much do as if you were an admin, when you or the process started are not admin but user. YET -- if you should ever escape the sandbox, you come crashing back to reality, that WHOA, I am just a user. I love this program more every time I play with it.

    Sul.

    EDIT: Um, after posting on this topic before and reading lots of threads and playing with SB in different situations, this is what I THINK is happening. I have only time allotted to SB in small amounts so there may be someone in the KNOW who can verify this.
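
An added example, not part of any post in this thread and not Sandboxie's code: a simplified model of the Windows DACL access check that illustrates the behaviour described in posts 22 and 24, where a token stripped of Administrators/Power Users still writes freely in the sandbox folder but is refused in the real Program Files. The ACLs, the account name `alice` and the representation of Drop Rights as deny-only groups are assumptions constructed for illustration.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # group or user name standing in for a SID
    mask: int   # access bits the ACE covers

@dataclass(frozen=True)
class Token:
    user: str
    enabled: frozenset                   # groups matched by allow and deny ACEs
    deny_only: frozenset = frozenset()   # groups matched by deny ACEs only

def drop_rights(token, groups=("Administrators", "Power Users")):
    """Assumed model of Drop Rights: privileged groups become deny-only."""
    hit = token.enabled & frozenset(groups)
    return Token(token.user, token.enabled - hit, token.deny_only | hit)

def access_check(token, dacl, wanted):
    """Walk ACEs in order; True only if every requested bit gets granted."""
    allow_sids = token.enabled | {token.user}
    deny_sids = allow_sids | token.deny_only
    granted = 0
    for ace in dacl:
        if ace.kind == "deny" and ace.sid in deny_sids:
            if ace.mask & wanted & ~granted:
                return False          # a still-needed bit is explicitly denied
        elif ace.kind == "allow" and ace.sid in allow_sids:
            granted |= ace.mask & wanted
        if granted == wanted:
            return True
    return False                      # no ACE granted the remaining bits

# Constructed ACLs: real Program Files is read-only for Users, while the
# sandbox folder carries no such restriction (as post 22 describes for XP).
PROGRAM_FILES = [Ace("allow", "Administrators", READ | WRITE),
                 Ace("allow", "Users", READ)]
SANDBOX_DIR = [Ace("allow", "Administrators", READ | WRITE),
               Ace("allow", "Users", READ | WRITE)]
# Constructed ACL showing why a deny-only group still matters.
ADMIN_DENIED = [Ace("deny", "Administrators", WRITE),
                Ace("allow", "Users", READ | WRITE)]

admin = Token("alice", frozenset({"Administrators", "Users"}))
dropped = drop_rights(admin)

if __name__ == "__main__":
    for name, dacl in [("Program Files", PROGRAM_FILES),
                       ("Sandbox dir", SANDBOX_DIR),
                       ("Admin-denied", ADMIN_DENIED)]:
        print(f"{name:14} admin={access_check(admin, dacl, WRITE)} "
              f"dropped={access_check(dropped, dacl, WRITE)}")
```
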
     