Sandboxie Plus 0.7

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Feb 15, 2021.

  1. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena

    This build again fixes a few security issues, brings some new functionality, and expands on the tracing features.

    Download: https://github.com/sandboxie-plus/Sandboxie/releases/tag/0.7.0

    If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

    ChangeLog
    Added
    • sandboxed indicator for tray icons, the tooltip now contains [#] if enabled
    • the trace log buffer can now be adjusted with "TraceBufferPages=2560"
      -- the value denotes the count of 4k large pages to be used, here for a total of 10 MB
    • new functionality to the list finder
    Changed
    • improved RPC debugging
    • improved IPC handling around RpcMgmtSetComTimeout, "RpcMgmtSetComTimeout=n" is now the default behaviour
      -- required exceptions have been hard coded for specific calling dll's
    • the LogApi dll is now using Sbie's tracing facility to log events instead of its own pipe server
    Fixed
    • FIXED SECURITY ISSUE: elevated sandboxed processes could access volumes/disks for reading (thanks hg421)
    • fixed crash issue around SetCurrentProcessExplicitAppUserModelID observed with GoogleUpdate.exe
    • fixed issue with resource monitor sort by timestamp
    • FIXED SECURITY ISSUE: a race condition in the driver allowed obtaining an elevated rights handle to a process (thanks typpos)
    • FIXED SECURITY ISSUE: "\RPC Control\samss lpc" is now filtered by the driver (thanks hg421)
      -- this allowed elevated processes to change passwords, delete users and the like, to disable filtering use "OpenSamEndpoint=y"
    • FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
      -- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,489
    Location:
    UK
    Installed Plus 0.7 on one machine and 5.48 Classic on another machine.
    Both were installed over the top of the previous build without any issues.
     
  3. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    479
    Location:
    USA
    Just downloaded classic 5.48. Thanks for all your hard work David. Sending a little donation your way.
     
  4. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    53
    Location:
    Spain
    After upgrading, sandboxed programs can't detect my webcam/microphone.
     
  5. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena
    see the changelog:

    - FIXED SECURITY ISSUE: "\Device\DeviceApi\CMApi" is now filtered by the driver (thanks hg421)
    -- this allowed elevated processes to change hardware configuration, to disable filtering use "OpenDevCMApi=y"

    So you will need to add OpenDevCMApi=y to the sandbox you want to use your webcam in

    EDIT: I have reviewed what calls are needed for accessing the webcam and in the next build those will be permitted without opening unrestricted access to hardware configuration
     
    Last edited: Feb 15, 2021
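
An added example (not part of the thread and not Sandboxie project code): a small Python audit that lists which sandboxes in a Sandboxie.ini have switched the 0.7.0 driver filters back off with OpenSamEndpoint=y or OpenDevCMApi=y. The box names and the sample file are constructed, and accepting a per-program `program.exe,y` value for these two keys is an assumption modelled on the RpcMgmtSetComTimeout line posted in this thread.

```python
# Added example: audit Sandboxie.ini text for the filter opt-outs named in the
# 0.7.0 changelog. Box names and SAMPLE are constructed for illustration.
RISKY = {
    "opensamendpoint": r'"\RPC Control\samss lpc" is no longer filtered',
    "opendevcmapi": r'"\Device\DeviceApi\CMApi" is no longer filtered',
}

SAMPLE = """\
[DefaultBox]
Enabled=y

[WebcamBox]
Enabled=y
OpenDevCMApi=y

[LegacyBox]
Enabled=y
OpenSamEndpoint=n
OpenDevCMApi=chat.exe,y
"""

def parse_ini(text):
    """Yield (section, key, value); keys may repeat, so no dict is used."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' assumed to mark comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def audit(text):
    """Return (box, key, scope, reason) for every opt-out that is set to y."""
    findings = []
    for section, key, value in parse_ini(text):
        # Assumed per-program form "program.exe,y"; a bare "y" applies box-wide.
        program, _, flag = value.rpartition(",")
        if key.lower() in RISKY and flag.strip().lower() == "y":
            scope = program.strip() or "*"
            findings.append((section, key, scope, RISKY[key.lower()]))
    return findings

if __name__ == "__main__":
    for box, key, scope, reason in audit(SAMPLE):
        print(f"[{box}] {key} (scope: {scope}): {reason}")
```
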
  6. Monica2000

    Monica2000 Registered Member

    Joined:
    May 18, 2020
    Posts:
    53
    Location:
    Spain
    OK thank you. I'll try it tomorrow. :thumb:
     
  7. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    @DavidXanatos this build is working so good so far, browsing internet so smooth... ahhh! thanks a lot!
     
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    991
    +1.
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    @DavidXanatos

    My 4K Video Downloader program stopped working, executable launches but can't form its gui.
    Tried to workaround this issue by inserting this line: RpcMgmtSetComTimeout=4kvideodownloader.exe,y
    It worked out but I wanted to ask whether this is correct or not.
     
  10. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    745
    Location:
    U.S. Citizen
    Hi,
    02/15/2021
    Just updated to Sandboxie 5.48.0 exe

    Running Classic Sandboxie newest version on
    one PC. 5.48.0 exe

    My Puffin Secure Browser, will not sandbox,
    No extensions....

    Microsoft Edge same thing and it is h&ll,
    remove/terminate the processes from Sandboxie.

    Extensions on Microsoft Edge, are as follows:
    I have turned them all off. Just to see if that makes a
    difference...
    * Bitwarden,
    * Kaspersky Password Manager
    * Kaspersky Protection
    * XTranslate

    Firefox works perfectly...... with Sandboxie. Nice and
    smooth. Only Bitwarden.....

    Under SandBoxie 533-6 they all work perfectly......
    umm.


    Additionally can you tell me the difference, between
    SandBoxie Classic and/or SandBoxie Plus, please?

    On two other PC's , I am running SandBoxie Plus ,
    0.7.0 ex

    I

    Kind regards,
     
    Last edited: Feb 16, 2021
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Just for the record, were these security issues already present in the last Sophos release, or were they introduced by you? Also, I see people commenting about Sandboxie Classic in this thread, perhaps you can start a separate thread for this edition. Also has the "GUI resize" bug already been fixed in Sandboxie Plus?
     
  12. txhawkeye

    txhawkeye Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    20
    @DavidXanatos: You helped me resolve a problem with Outlook.exe and I provided you several IPC traces for that. You asked if I would create new IPC traces for Outlook.exe after you made changes to IPC logging in the next build. Would you still like new traces? If so, I assume you'd like to get a trace when Outlook.exe starts - is that correct?

    I'll be happy to do this for you, but it may be a few days before I can. I'm in the Dallas, Texas area and the entire state of Texas is in the middle of unprecedented cold weather, which has triggered crises in power, natural gas and water distribution. Biggest problem for me right now is we're suffering rolling power blackouts, and the availability of electricity is very unpredictable. So I'll be forced to wait until things stabilize, hopefully in the next few days.
     
  13. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena
    They were presumably present since the change from 3.xx to 4.xx so even before the Sophos time.
    I have not introduced any new security issues that I know of.

    @txhawkeye Yes please
     
  14. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena
    looks right, please always provide a download link to the affected software
    is it this one: https://www.4kdownload.com/products/product-videodownloader

    if this is it, then good news: with the next build it will work again fine without the line, as the problematic RPC from the AppXDeploymentClient.dll will get that preset auto set by the hard coded list
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,985
    Location:
    Mexico
    Correct. That's the program in question. Thank you for hardcoding such preset.
     
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    745
    Location:
    U.S. Citizen
    Hi,

    Feedback from #10 Reply

    Error deleting sandbox folder: C:\Sandbob\micha\DefaultBox

    this is the error that, I keep receiving after, I try to empty/delete content
    in Sandboxie......

    Additionally, I am using Sandboxie Plus....
     
    Last edited: Feb 18, 2021
  17. henryg1

    henryg1 Registered Member

    Joined:
    Jun 14, 2020
    Posts:
    186
    Location:
    uk
    I can no longer access my OneDrive files (https://onedrive.live.com/about/en-gb/signin/) in a sandboxed Firefox 85.0.2 or Chromium Edge 88.0.705.74 - both 64bit. I don't know whether it is due to 0.7 as I rarely use a browser to access OneDrive.

    After I enter my email address on Firefox the system freezes, whereas Edge goes to the next page and asks for my password and then freezes.

    Both browsers have no problem when not sandboxed.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,007
    Location:
    .
    FWIW ~ just tried - no issue re access my side - Firefox 85.0.2 & Edguim 88.0.705.74 -
    + 0.7.0
    Note: my OneDrive files are six empty folders.

    Edit: after reading @catspyjamas #19. I'm always signed in to my M$ webmail account. Maybe, that's why access is okay for me.
     
    Last edited: Feb 20, 2021
  19. catspyjamas

    catspyjamas Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    157
    Location:
    New Zealand
    @DavidXanatos Likely related to above - I can no longer sign into Outlook/Microsoft Accounts on sandboxed Edge, Chrome or FF (all latest stable versions, and Sandboxie Classic 5.48.0). Same behaviour as described above, the sign in page freezes before credentials can be entered and it has to be killed with taskmanager or by emptying the sandbox to close the browser. Also had the same issue when trying to sign into Yahoo on Edge - exact same behaviour when taken to the sign in page. Curiously I could sign into Yahoo on sandboxed FF, but not Edge. Haven't tried Yahoo on Chrome. Both sites work fine unsandboxed.

    I can't tell you when this began happening with Outlook/Microsoft account sign in pages, but I know I could sign into Yahoo successfully on 5.47.1.

    Relevant links are: https://outlook.live.com/owa/ and https://mail.yahoo.com/
    Once those pages load and you click the "sign in button" you get directed to another page to put credentials in - it's that page that freezes up.

    Same behaviour on all 3 machines, all Win 10 20H2.
     
    Last edited: Feb 20, 2021
  20. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    745
    Location:
    U.S. Citizen
    @ catspyjamas,

    Same thing happened to me starting 4 days ago.......
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    OK cool, so these were never reported to Invincea and Sophos? Seems weird to me. But very cool that you were able to fix them.

    Does it work correctly? I'm using an older version of YTD Video Downloader, because the new version has become crapware. It starts up quite slowly in the sandbox. The old version still works with certain sites.
     
  22. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena
  23. txhawkeye

    txhawkeye Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    20
    @DavidXanatos: Attached is an ipc trace on version 0.7.0 when Outlook.exe starts up and syncs with 5 gmail folders. Let me know if you need anything else.
     

  24. txhawkeye

    txhawkeye Registered Member

    Joined:
    Jul 22, 2008
    Posts:
    20
    Same issue here with 0.7.0.

    Reproduce by connecting to microsoft.com using firefox or edge. Click the signon icon. The firefox/edge window freezes (is unresponsive) and you cannot enter your login credentials. However, if you let the window sit idle for about 10 minutes, it then becomes operational and credentials can be entered. This problem did not exist in 0.6.7, but it did in SBIE 5.31.6. I was pleased when I found 0.6.7 fixed the problem after I upgraded from 5.31.6. So hopefully this issue in 0.7.0 can be corrected.

    FYI, I tried using the new "OpenSamEndpoint=y" and "OpenDevCMApi=y" filtering options just to see if they helped, but the problem persisted.

    I'm going to drop back to 0.6.7 for now. Hopefully you can identify what is causing the problem.

    Thank you, as always, for your great work!
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    1,136
    Location:
    Viena
    then try:
    RpcMgmtSetComTimeout=y
     