From a4e6b4913b908c002bd19b0886dc38f63fdcc22a Mon Sep 17 00:00:00 2001 From: DavidXanatos Date: Mon, 12 Jul 2021 22:22:22 +0200 Subject: [PATCH] systemless MSIServer + fixes and some cleanup --- CHANGELOG.md | 19 ++- Sandboxie/apps/common/Common.vcxproj | 5 - Sandboxie/apps/control/Control.vcxproj | 15 --- .../apps/control/Control.vcxproj.filters | 15 --- Sandboxie/common/my_version.h | 4 +- Sandboxie/core/dll/dll.h | 6 + Sandboxie/core/dll/file.c | 35 +++++ Sandboxie/core/dll/file_dir.c | 24 ++-- Sandboxie/core/dll/gui.c | 6 +- Sandboxie/core/dll/guihook.c | 6 + Sandboxie/core/dll/key.c | 57 ++++++-- Sandboxie/core/dll/scm_msi.c | 127 +++++++++++++++++- Sandboxie/core/drv/includes.c | 4 +- Sandboxie/core/drv/thread_token.c | 2 +- Sandboxie/core/drv/token.c | 12 -- Sandboxie/core/svc/ProcessServer.cpp | 6 +- Sandboxie/core/svc/serviceserver2.cpp | 2 +- SandboxiePlus/QSbieAPI/SbieAPI.cpp | 31 +++-- SandboxiePlus/QSbieAPI/SbieAPI.h | 4 +- SandboxiePlus/SandMan/Models/TraceModel.cpp | 2 +- SandboxiePlus/SandMan/Models/TraceModel.h | 2 +- SandboxiePlus/SandMan/Views/TraceView.cpp | 2 +- SandboxiePlus/version.h | 4 +- 23 files changed, 283 insertions(+), 107 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03b74c1515..19a48a3407 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,10 +2,27 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). + + +## [0.8.8 / 5.50.8] - 2021-07-12 + +### Changed +- MSIServer no longer requirers being run as system completing the move to not using system tockens in a sandbox by default +-- the security enhanced option "MsiInstallerExemptions=n" is now the default behavioure + +### Fixed +- fixed issue with the "Explore Sandboxed" command [#972](https://github.com/sandboxie-plus/Sandboxie/issues/972) +- rolled back the switch from using NtQueryKey to NtQueryObject as it seams to bream soem older w10 versions liek 1803 [#984](https://github.com/sandboxie-plus/Sandboxie/issues/984) +-- this change was introduced to fix [#951](https://github.com/sandboxie-plus/Sandboxie/issues/951) +-- to use NtQueryObject the option "UseObjectNameForKeys=y" can be added to sandboxie.ini + + + + ## [0.8.7b / 5.50.7] - 2021-07-11 ### Fixed -- fixed issue with boxes that had auto-delete activated introduced in the previous build +- fixed issue with boxes that had auto-delete activated introduced in the previous build [#986](https://github.com/sandboxie-plus/Sandboxie/issues/986) ## [0.8.7 / 5.50.7] - 2021-07-10 diff --git a/Sandboxie/apps/common/Common.vcxproj b/Sandboxie/apps/common/Common.vcxproj index a713aa1146..81f4c3f09e 100644 --- a/Sandboxie/apps/common/Common.vcxproj +++ b/Sandboxie/apps/common/Common.vcxproj @@ -103,7 +103,6 @@ - @@ -111,14 +110,10 @@ - - - - diff --git a/Sandboxie/apps/control/Control.vcxproj b/Sandboxie/apps/control/Control.vcxproj index 61efb92b96..a2459cad4f 100644 --- a/Sandboxie/apps/control/Control.vcxproj +++ b/Sandboxie/apps/control/Control.vcxproj @@ -183,20 +183,8 @@ NotUsing NotUsing - - NotUsing - NotUsing - NotUsing - NotUsing - - - NotUsing - NotUsing - NotUsing - NotUsing - NotUsing NotUsing @@ -297,11 +285,8 @@ - - - 
diff --git a/Sandboxie/apps/control/Control.vcxproj.filters b/Sandboxie/apps/control/Control.vcxproj.filters index ad1f8a1b6b..058d046f26 100644 --- a/Sandboxie/apps/control/Control.vcxproj.filters +++ b/Sandboxie/apps/control/Control.vcxproj.filters @@ -54,18 +54,12 @@ - - common - common common - - common - common @@ -137,18 +131,12 @@ - - common - common common - - common - common @@ -166,9 +154,6 @@ - - common - common diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index 16b8ca8ca1..4ce2e28f6a 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -21,8 +21,8 @@ #ifndef _MY_VERSION_H #define _MY_VERSION_H -#define MY_VERSION_BINARY 5,50,7 -#define MY_VERSION_STRING "5.50.7" +#define MY_VERSION_BINARY 5,50,8 +#define MY_VERSION_STRING "5.50.8" #define MY_VERSION_COMPAT "5.50.0" // this refers to the driver ABI compatibility // These #defines are used by either Resource Compiler, or by NSIC installer diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h index 67b1715140..20b7b77f42 100644 --- a/Sandboxie/core/dll/dll.h +++ b/Sandboxie/core/dll/dll.h @@ -181,6 +181,12 @@ typedef struct _THREAD_DATA { ULONG file_dont_strip_write_access; + // + // misc modules + // + + HANDLE scm_last_own_token; + // // proc module: image path for a child process being started // diff --git a/Sandboxie/core/dll/file.c b/Sandboxie/core/dll/file.c index ac7ae4fc5a..645d565993 100644 --- a/Sandboxie/core/dll/file.c +++ b/Sandboxie/core/dll/file.c 
@@ -2440,6 +2440,22 @@ _FX NTSTATUS File_NtCreateFileImpl( if (Dll_OsBuild >= 8400 && Dll_ImageType == DLL_IMAGE_TRUSTED_INSTALLER) DesiredAccess &= ~ACCESS_SYSTEM_SECURITY; // for TiWorker.exe (W8) + // MSIServer without system + if (Dll_ImageType == DLL_IMAGE_MSI_INSTALLER && (DesiredAccess & ACCESS_SYSTEM_SECURITY) != 0 + && ObjectAttributes && ObjectAttributes->ObjectName && ObjectAttributes->ObjectName->Buffer + && _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 3, L".msi") == 0 + ){ + + // + // MSIServer when accessing \??\C:\WINDOWS\Installer\???????.msi files will get a PROGOLEGE_NOT_HELD error when requesting ACCESS_SYSTEM_SECURITY + // Howeever if we broadly clear this flag we will get error 1946 'System.AppUserModel.ID' could not be set on *.lnk files + // + + DesiredAccess &= ~ACCESS_SYSTEM_SECURITY; + } + + + __try { IoStatusBlock->Information = FILE_DOES_NOT_EXIST; @@ -3018,6 +3034,25 @@ _FX NTSTATUS File_NtCreateFileImpl( // while(!IsDebuggerPresent()) Sleep(50); __debugbreak(); //} + // MSIServer without system + if (status == STATUS_ACCESS_DENIED && Dll_ImageType == DLL_IMAGE_MSI_INSTALLER + && ObjectAttributes->ObjectName->Buffer && ObjectAttributes->ObjectName->Length >= 34 + && _wcsicmp(ObjectAttributes->ObjectName->Buffer + (ObjectAttributes->ObjectName->Length / sizeof(WCHAR)) - 11, L"\\Config.Msi") == 0 + ) { + + // + // MSI must not fail accessing \??\C:\WINDOWS\Installer\Config.msi but this folder is readable only for system, + // so we create a boxed copy copy instead and open it + // + + RtlInitUnicodeString(&objname, CopyPath); + status = __sys_NtCreateFile( + FileHandle, DesiredAccess, &objattrs, + IoStatusBlock, AllocationSize, FileAttributes, + ShareAccess, FILE_OPEN_IF, FILE_DIRECTORY_FILE, + EaBuffer, EaLength); + } + // // special case for SandboxieCrypto on Windows Vista, // which tries to open catdb that are locked by 
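Review bot: The `.msi` suffix test in the added `DLL_IMAGE_MSI_INSTALLER` condition steps back only 3 characters from the end of `ObjectName` but compares against the 4-character literal `L".msi"`, so with a conventional `Length` (terminator excluded) it compares `msi` with `.msi` and appears unable to match. It also has no minimum-length guard, so a name shorter than the offset puts the pointer before `Buffer`; add `ObjectAttributes->ObjectName->Length >= 4 * sizeof(WCHAR)` and use an offset of `- 4`. A `UNICODE_STRING` is not guaranteed to be NUL-terminated, so `_wcsicmp` can read past `Length`; `_wcsnicmp(..., L".msi", 4)` bounds the comparison, and the same applies to the `\\Config.Msi` test in the second hunk of this file. File_NtCreateFileImpl starts and ends outside the hunk.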
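Review bot: The added `STATUS_ACCESS_DENIED` fallback dereferences `ObjectAttributes->ObjectName->Buffer` without the `ObjectAttributes && ObjectAttributes->ObjectName` checks that the first hunk of this file performs; add the same guards unless code outside the hunk already guarantees them. The fallback then reopens `CopyPath` with `FILE_OPEN_IF` and `FILE_DIRECTORY_FILE` for any name ending in `\Config.Msi`, whatever disposition and options the caller originally passed. The match is by suffix only and is not anchored to the Windows Installer directory that the comment names. A comment such as `// intentionally overrides the caller's disposition; matches any path ending in \Config.Msi` would make that scope explicit. The enclosing function continues on both sides of the hunk.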
diff --git a/Sandboxie/core/dll/file_dir.c b/Sandboxie/core/dll/file_dir.c index e6db01c206..6e3cab041c 100644 --- a/Sandboxie/core/dll/file_dir.c +++ b/Sandboxie/core/dll/file_dir.c @@ -170,7 +170,7 @@ static void File_InitRecoverList( const WCHAR *setting, LIST *list, BOOLEAN MustBeValidPath, WCHAR *buf, ULONG buf_len); -static void File_NotifyRecover(HANDLE FileHandle, MSG_HEADER **out_req); +static void File_NotifyRecover(HANDLE FileHandle); static BOOLEAN File_IsRecoverable(const WCHAR *TruePath); @@ -1917,7 +1917,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle) NTSTATUS status; ULONG type; FILE_MERGE *merge; - MSG_HEADER *req; P_NtClose pSysNtClose = __sys_NtClose; @@ -1961,6 +1960,13 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle) Key_NtClose(FileHandle); } + // + // special handling for scm_msi.c + // + + if (TlsData->scm_last_own_token == FileHandle) + TlsData->scm_last_own_token = NULL; + // // if not closing a file handle, stop here // @@ -1978,8 +1984,6 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle) // close for a real handle // - req = NULL; - EnterCriticalSection(&File_DirHandles_CritSec); merge = List_Head(&File_DirHandles); @@ -1998,17 +2002,10 @@ _FX NTSTATUS File_NtCloseImpl(HANDLE FileHandle) // close and recover file // - File_NotifyRecover(FileHandle, &req); + File_NotifyRecover(FileHandle); status = pSysNtClose ? pSysNtClose(FileHandle) : NtClose(FileHandle); - if (req) { - MSG_HEADER *rpl = SbieDll_CallServer(req); - Dll_Free(req); - if (rpl) - Dll_Free(rpl); - } - TlsData->file_NtClose_lock = FALSE; SetLastError(LastError); @@ -2672,8 +2669,7 @@ _FX void File_DuplicateRecover( //--------------------------------------------------------------------------- -_FX void File_NotifyRecover( - HANDLE FileHandle, MSG_HEADER **out_req) +_FX void File_NotifyRecover(HANDLE FileHandle) { THREAD_DATA *TlsData = Dll_GetTlsData(NULL); diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c index 61735f2377..3010a24f61 100644 
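Review bot: The reset added in `File_NtCloseImpl` (hunk `@@ -1961`) clears `scm_last_own_token` only in the `THREAD_DATA` of the thread that performs the close, and that structure appears to be per-thread (it is obtained through `Dll_GetTlsData` in scm_msi.c). If the token cached by `Scm_OpenProcessToken` is closed from another thread, the opening thread keeps a stale value, and a later handle that reuses the same numeric value would be answered with the LocalSystem SID by `Scm_GetTokenInformation`. Either state the assumption next to the check, e.g. `// assumes the token is closed on the thread that opened it, otherwise the cached value goes stale`, or keep the cached handle process-wide under a lock. File_NtCloseImpl begins and ends outside this hunk.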
--- a/Sandboxie/core/dll/gui.c +++ b/Sandboxie/core/dll/gui.c @@ -526,9 +526,6 @@ _FX BOOLEAN Gui_Init(HMODULE module) if (ok) ok = Gui_InitMsg(); - if (ok) - ok = Gui_InitWinHooks(); - if (ok) ok = Gui_InitDlgTmpl(); @@ -540,6 +537,9 @@ _FX BOOLEAN Gui_Init(HMODULE module) return ok; // NoSbieDesk END + if (ok) + ok = Gui_InitWinHooks(); + SBIEDLL_HOOK_GUI(AttachThreadInput); return ok; diff --git a/Sandboxie/core/dll/guihook.c b/Sandboxie/core/dll/guihook.c index 334b35ed69..3884f3ab15 100644 --- a/Sandboxie/core/dll/guihook.c +++ b/Sandboxie/core/dll/guihook.c @@ -96,6 +96,7 @@ static CRITICAL_SECTION Gui_HooksCritSec; static LIST Gui_Hooks; static DWORD Gui_HookHelperThreadId = 0; static int Gui_HookCount = 0; +static BOOLEAN Gui_HookInit = FALSE; //--------------------------------------------------------------------------- // Gui_InitWinHooks @@ -111,6 +112,8 @@ _FX BOOLEAN Gui_InitWinHooks(void) SBIEDLL_HOOK_GUI(SetWindowsHookExW); SBIEDLL_HOOK_GUI(UnhookWindowsHookEx); + Gui_HookInit = TRUE; + return TRUE; } @@ -618,6 +621,9 @@ _FX BOOL Gui_UnhookWindowsHookEx(HHOOK hhk) _FX LRESULT Gui_NotifyWinHooks() { + if (!Gui_HookInit) + return 0; + GUI_WND_HOOK_NOTIFY_REQ req; GUI_WND_HOOK_NOTIFY_RPL *rpl; diff --git a/Sandboxie/core/dll/key.c b/Sandboxie/core/dll/key.c index 48ab18365d..bafe5682fc 100644 --- a/Sandboxie/core/dll/key.c +++ b/Sandboxie/core/dll/key.c @@ -301,6 +301,9 @@ static const ULONG Key_ClickToRunLen_v16 = 63; static const WCHAR *Key_Wow6432Node = L"\\Wow6432Node\\"; + +static BOOLEAN Key_UseObjectNames = FALSE; + //--------------------------------------------------------------------------- // Debug Prints //--------------------------------------------------------------------------- @@ -351,6 +354,8 @@ _FX BOOLEAN Key_Init(void) SbieDll_MatchPath(L'k', (const WCHAR *)-1); + Key_UseObjectNames = SbieApi_QueryConfBool(NULL, L"UseObjectNameForKeys", FALSE); + List_Init(&Key_Handles); List_Init(&Key_MergeCacheList); 
@@ -448,23 +453,55 @@ _FX NTSTATUS Key_GetName( name = Dll_GetTlsNameBuffer( TlsData, TRUE_NAME_BUFFER, length + objname_len); - status = Obj_GetObjectName(RootDirectory, name, &length); + if (Key_UseObjectNames) + { + // + // Note: some keys like L"\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\007" + // do not return valid results when querying using NtQueryKey and returns a STATUS_INVALID_HANDLE + // using Obj_GetObjectName seams to break sbie on 1803, strangely on w7 its fine + // hence this alternative access mode is made optional + // - if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) { + status = Obj_GetObjectName(RootDirectory, name, &length); - name = Dll_GetTlsNameBuffer( - TlsData, TRUE_NAME_BUFFER, length + objname_len); + if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) { - status = Obj_GetObjectName(RootDirectory, name, &length); + name = Dll_GetTlsNameBuffer( + TlsData, TRUE_NAME_BUFFER, length + objname_len); + + status = Obj_GetObjectName(RootDirectory, name, &length); + } + + if (!NT_SUCCESS(status)) + return status; + + *OutTruePath = ((OBJECT_NAME_INFORMATION*)name)->Name.Buffer; + + name = (*OutTruePath) + + ((OBJECT_NAME_INFORMATION*)name)->Name.Length / sizeof(WCHAR); } + else + { + status = __sys_NtQueryKey( + RootDirectory, KeyNameInformation, name, length, &length); - if (! NT_SUCCESS(status)) - return status; + if (status == STATUS_BUFFER_OVERFLOW || status == STATUS_BUFFER_TOO_SMALL || status == STATUS_INFO_LENGTH_MISMATCH) { - *OutTruePath = ((OBJECT_NAME_INFORMATION *)name)->Name.Buffer; + name = Dll_GetTlsNameBuffer( + TlsData, TRUE_NAME_BUFFER, length + objname_len); - name = (*OutTruePath) - + ((OBJECT_NAME_INFORMATION *)name)->Name.Length / sizeof(WCHAR); + status = __sys_NtQueryKey( + RootDirectory, KeyNameInformation, name, length, &length); + } + + if (! 
NT_SUCCESS(status)) + return status; + + *OutTruePath = ((KEY_NAME_INFORMATION *)name)->Name; + + name = (*OutTruePath) + + ((KEY_NAME_INFORMATION *)name)->NameLength / sizeof(WCHAR); + } if (objname_len) { diff --git a/Sandboxie/core/dll/scm_msi.c b/Sandboxie/core/dll/scm_msi.c index 0e5ff797ee..4557d922d9 100644 --- a/Sandboxie/core/dll/scm_msi.c +++ b/Sandboxie/core/dll/scm_msi.c @@ -45,6 +45,20 @@ static HANDLE Scm_CreateWaitableTimerW( LPSECURITY_ATTRIBUTES lpTimerAttributes, BOOL bManualReset, LPCWSTR lpTimerName); +static BOOL Scm_OpenProcessToken( + _In_ HANDLE ProcessHandle, + _In_ DWORD DesiredAccess, + _Outptr_ PHANDLE TokenHandle + ); + +static BOOL Scm_GetTokenInformation( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _Out_writes_bytes_to_opt_(TokenInformationLength,*ReturnLength) LPVOID TokenInformation, + _In_ DWORD TokenInformationLength, + _Out_ PDWORD ReturnLength + ); + //--------------------------------------------------------------------------- // Prototypes //--------------------------------------------------------------------------- @@ -54,6 +68,19 @@ typedef HANDLE (*P_CreateWaitableTimerW)( LPSECURITY_ATTRIBUTES lpTimerAttributes, BOOL bManualReset, LPCWSTR lpTimerName); +typedef BOOL (*P_OpenProcessToken)( + _In_ HANDLE ProcessHandle, + _In_ DWORD DesiredAccess, + _Outptr_ PHANDLE TokenHandle + ); + +typedef BOOL (*P_GetTokenInformation)( + _In_ HANDLE TokenHandle, + _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, + _Out_writes_bytes_to_opt_(TokenInformationLength,*ReturnLength) LPVOID TokenInformation, + _In_ DWORD TokenInformationLength, + _Out_ PDWORD ReturnLength + ); //--------------------------------------------------------------------------- // Pointers 
@@ -62,6 +89,9 @@ typedef HANDLE (*P_CreateWaitableTimerW)( static P_CreateWaitableTimerW __sys_CreateWaitableTimerW = NULL; +static P_OpenProcessToken __sys_OpenProcessToken = NULL; + +static P_GetTokenInformation __sys_GetTokenInformation = NULL; //--------------------------------------------------------------------------- // Variables @@ -87,12 +117,50 @@ _FX BOOLEAN Scm_SetupMsiHooks() //__debugbreak(); P_CreateWaitableTimerW CreateWaitableTimerW = (P_CreateWaitableTimerW)GetProcAddress(Dll_Kernel32, "CreateWaitableTimerW"); - SBIEDLL_HOOK(Scm_, CreateWaitableTimerW); - //// hook privilege-related functions - //if (!Hook_Privilege()) - // return FALSE; + + // + // To run MSIServer without system privileges we need to make it think it is running as system + // we do that by hooking OpenProcessToken and if it opened the current process caching the resulting token handle + // than in GetTokenInformation when asked for TokenUser for this handle we return the system SID + // finally on NtClose we clear the cached token value in case it gets reused later + // + + /* + msi.dll!RunningAsLocalSystem + v2 = GetCurrentProcess(); + if ( OpenProcessToken(v2, 8u, &hObject) ) + { + v3 = IsLocalSystemToken(hObject); + ... + + msi.dll!IsLocalSystemToken + if ( GetUserSID(a1, Sid) ) + return 0; + StringSid = 0i64; + if ( !ConvertSidToStringSidW(Sid, &StringSid) ) + return 0; + v2 = L"S-1-5-18"; + wcscmp... + + + msi.dll!GetUserSID + if ( GetTokenInformation(a1, TokenUser, TokenInformation, 0x58u, ReturnLength) ) + { + if ( CopySid(0x48u, a2, TokenInformation[0]) ) + ... + */ + + // MSIServer without system - fake running as system + HMODULE hAdvapi32 = LoadLibrary(L"Advapi32.dll"); + + void *OpenProcessToken = (P_OpenProcessToken)GetProcAddress(hAdvapi32, "OpenProcessToken"); + SBIEDLL_HOOK(Scm_, OpenProcessToken); + + void *GetTokenInformation = (P_GetTokenInformation)GetProcAddress(hAdvapi32, "GetTokenInformation"); + SBIEDLL_HOOK(Scm_, GetTokenInformation); + return TRUE; } 
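Review bot: In `Scm_SetupMsiHooks` the result of `LoadLibrary(L"Advapi32.dll")` and both `GetProcAddress` results are passed on to `SBIEDLL_HOOK` without a null check, and how the macro treats a null target is not visible here. Suggest `if (!hAdvapi32) return FALSE;` after the load and an equivalent check on each resolved pointer. The block comment explains well why the LocalSystem identity is faked for msi.dll's `RunningAsLocalSystem`. It should also state that the substitution applies to every `TokenUser` query on the cached handle from any code in the process, and that these hooks are presumably installed only for the MSI installer image (the caller is outside the hunk, so confirm). Scm_SetupMsiHooks begins outside the hunk.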
@@ -118,6 +186,57 @@ _FX HANDLE Scm_CreateWaitableTimerW( } +//--------------------------------------------------------------------------- +// Scm_OpenProcessToken +//--------------------------------------------------------------------------- + + +_FX BOOL Scm_OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE phTokenOut) +{ + THREAD_DATA *TlsData = Dll_GetTlsData(NULL); + + NTSTATUS status = __sys_OpenProcessToken(ProcessHandle, DesiredAccess, phTokenOut); + + if (NT_SUCCESS(status) && ProcessHandle == GetCurrentProcess()) { + TlsData->scm_last_own_token = *phTokenOut; + } + + return status; +} + + +//--------------------------------------------------------------------------- +// Scm_GetTokenInformation +//--------------------------------------------------------------------------- + + +_FX BOOL Scm_GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, + LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength) +{ + THREAD_DATA *TlsData = Dll_GetTlsData(NULL); + + static const UCHAR sid[12] = { + 1, // Revision + 1, // SubAuthorityCount + 0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority + SECURITY_LOCAL_SYSTEM_RID // SubAuthority + }; + + if (TokenInformationClass == TokenUser && TlsData->scm_last_own_token == TokenHandle + && TokenInformationLength >= sizeof(TOKEN_USER) + sizeof(sid)) + { + PTOKEN_USER token_user = (PTOKEN_USER)TokenInformation; + token_user->User.Sid = (PSID)(((UCHAR*)TokenInformation) + sizeof(TOKEN_USER)); + memcpy(token_user->User.Sid, sid, sizeof(sid)); + + *ReturnLength = sizeof(TOKEN_USER) + sizeof(sid); + return TRUE; + } + + return __sys_GetTokenInformation(TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength, ReturnLength); +} + + //--------------------------------------------------------------------------- // Scm_SetupMsiWaiter //--------------------------------------------------------------------------- 
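Review bot: `Scm_OpenProcessToken` stores the `BOOL` returned by `__sys_OpenProcessToken` in an `NTSTATUS` and tests it with `NT_SUCCESS`, which holds for both `TRUE` and `FALSE` because any non-negative value passes. A failed call therefore still copies whatever `*phTokenOut` contains into `scm_last_own_token`. Use `BOOL ok = __sys_OpenProcessToken(ProcessHandle, DesiredAccess, phTokenOut);`, then `if (ok && ProcessHandle == GetCurrentProcess())`, then `return ok;`. In `Scm_GetTokenInformation` the spoofed branch writes `*ReturnLength` without checking the pointer, so add `ReturnLength != NULL` to the condition. The `sid` byte array relies on `SECURITY_LOCAL_SYSTEM_RID` fitting in one byte on a little-endian layout, which deserves a short comment beside the initializer.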
diff --git a/Sandboxie/core/drv/includes.c b/Sandboxie/core/drv/includes.c index 00271ebf22..522330ce91 100644 --- a/Sandboxie/core/drv/includes.c +++ b/Sandboxie/core/drv/includes.c @@ -66,5 +66,5 @@ extern const ULONG tzuk; /* BigNum */ -#define BIGNUM_WITH_FROM_STRING -#include "common/bignum.c" +//#define BIGNUM_WITH_FROM_STRING +//#include "common/bignum.c" diff --git a/Sandboxie/core/drv/thread_token.c b/Sandboxie/core/drv/thread_token.c index fb473adfb8..343615fb8a 100644 --- a/Sandboxie/core/drv/thread_token.c +++ b/Sandboxie/core/drv/thread_token.c @@ -640,7 +640,7 @@ _FX void *Thread_SetInformationProcess_PrimaryToken_3( } // - // special allowance for MSIServer + // special allowance for MSIServer running without system privileges // if (!proc->image_from_box && diff --git a/Sandboxie/core/drv/token.c b/Sandboxie/core/drv/token.c index 0de56f6158..ea9e954a46 100644 --- a/Sandboxie/core/drv/token.c +++ b/Sandboxie/core/drv/token.c @@ -1246,18 +1246,6 @@ _FX void *Token_RestrictHelper1( if (SidInToken && SidInToken[1] >= 1) { // SubAuthorityCount >= 1 PSID NewSid = NULL; - - // - // Alternative (less secure) workaround for msi issue started with windows 17763 - // the workaround in Proc_CreateProcessInternalW_RS5 makes solves thsi usse well - // - //if (!proc->image_from_box && _wcsicmp(proc->image_name, L"msiexec.exe") == 0 - // && RtlEqualSid(SidInToken, SystemLogonSid) - // && Conf_Get_Boolean(proc->box->name, L"MsiInstallerExemptions", 0, FALSE)) - //{ - // //DbgPrint("Sbie, MsiServer was allowed to keep its system token\n"); - //} - //else // SbieLogin BEGIN if (Conf_Get_Boolean(proc->box->name, L"SandboxieLogon", 0, FALSE)) diff --git a/Sandboxie/core/svc/ProcessServer.cpp b/Sandboxie/core/svc/ProcessServer.cpp index db4d3b0ab9..aea6a2b21f 100644 --- a/Sandboxie/core/svc/ProcessServer.cpp +++ b/Sandboxie/core/svc/ProcessServer.cpp 
@@ -1032,9 +1032,9 @@ BOOL ProcessServer::RunSandboxedStripPrivilege(HANDLE NewTokenHandle, LPCWSTR lp BOOL ProcessServer::RunSandboxedStripPrivileges(HANDLE NewTokenHandle) { - BOOLEAN ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_TCB_NAME); - if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_CREATE_TOKEN_NAME); - if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_ASSIGNPRIMARYTOKEN_NAME); + BOOLEAN ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_TCB_NAME); // security critical + if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_CREATE_TOKEN_NAME); // usualyl not held, but in case + //if (ok) ok = RunSandboxedStripPrivilege(NewTokenHandle, SE_ASSIGNPRIMARYTOKEN_NAME); return ok; } diff --git a/Sandboxie/core/svc/serviceserver2.cpp b/Sandboxie/core/svc/serviceserver2.cpp index 323f75a356..9b31f70bbf 100644 --- a/Sandboxie/core/svc/serviceserver2.cpp +++ b/Sandboxie/core/svc/serviceserver2.cpp @@ -285,7 +285,7 @@ MSG_HEADER *ServiceServer::RunHandler(MSG_HEADER *msg, HANDLE idProcess) int ServiceServer::RunServiceAsSystem(const WCHAR* svcname, const WCHAR* boxname) { // exception for MSIServer, see also core/drv/thread_token.c - if (svcname && _wcsicmp(svcname, L"MSIServer") == 0 && SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", TRUE)) + if (svcname && _wcsicmp(svcname, L"MSIServer") == 0 && SbieApi_QueryConfBool(boxname, L"MsiInstallerExemptions", FALSE)) return 2; // legacy behavioure option diff --git a/SandboxiePlus/QSbieAPI/SbieAPI.cpp b/SandboxiePlus/QSbieAPI/SbieAPI.cpp index 0751c62271..16d131d7c3 100644 --- a/SandboxiePlus/QSbieAPI/SbieAPI.cpp +++ b/SandboxiePlus/QSbieAPI/SbieAPI.cpp 
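Review bot: `RunSandboxedStripPrivileges` no longer removes `SE_ASSIGNPRIMARYTOKEN_NAME`, and the call is commented out without a reason, while the two neighbouring lines gained rationale comments. This widens what every token passed through this function retains, so record why the privilege must stay and what constrains its use, e.g. `// SeAssignPrimaryTokenPrivilege is kept: <reason>; its use is restricted by <driver check>`. If only one service needs it, strip it for all other callers instead of dropping the call entirely. That this relates to the systemless MSIServer work is inferred from the commit title; the hunk itself does not show it.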
@@ -982,19 +982,26 @@ SB_STATUS CSbieAPI::RunStart(const QString& BoxName, const QString& Command, QPr if (m_SbiePath.isEmpty()) return SB_ERR(SB_PathFail); - //bool bStart = (Command == "run_dialog" || Command == "default_browser" || Command == "mail_agent" || Command.left(10) == "start_menu"); - - QString StartCmd = "\"" + GetStartPath() + "\"" + (Elevated ? " /elevated" : ""); + QString StartArgs; + if(Elevated) + StartArgs += "/elevated "; if (!BoxName.isEmpty()) - StartCmd += " /box:" + BoxName + " "; - else - StartCmd += " /disable_force "; - StartCmd += Command; - - if (pProcess) - pProcess->start(StartCmd); + StartArgs += "/box:" + BoxName + " "; else - QProcess::startDetached(StartCmd); + StartArgs += "/disable_force "; + StartArgs += Command; + + if (pProcess) { + pProcess->setProgram(GetStartPath()); + pProcess->setNativeArguments(StartArgs); + pProcess->start(); + } + else { + QProcess process; + process.setProgram(GetStartPath()); + process.setNativeArguments(StartArgs); + process.startDetached(); + } return SB_OK; } @@ -2234,7 +2241,7 @@ void CSbieAPI::AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge) m_TraceList.append(LogEntry); } -QList CSbieAPI::GetTrace() const +QVector CSbieAPI::GetTrace() const { QReadLocker Lock(&m_TraceMutex); diff --git a/SandboxiePlus/QSbieAPI/SbieAPI.h b/SandboxiePlus/QSbieAPI/SbieAPI.h index bb162cb9bf..ab450aa66d 100644 --- a/SandboxiePlus/QSbieAPI/SbieAPI.h +++ b/SandboxiePlus/QSbieAPI/SbieAPI.h @@ -110,7 +110,7 @@ class QSBIEAPI_EXPORT CSbieAPI : public QThread virtual bool IsMonitoring(); virtual void AddTraceEntry(const CTraceEntryPtr& LogEntry, bool bCanMerge = false); - virtual QList GetTrace() const; + virtual QVector GetTrace() const; virtual void ClearTrace() { QWriteLocker Lock(&m_TraceMutex); m_TraceList.clear(); m_LastTraceEntry = 0; } // Other 
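Review bot: In `CSbieAPI::RunStart` the rewritten launch path discards the `bool` returned by `process.startDetached()` and falls through to `return SB_OK;`, so a failure to launch the program at `GetStartPath()` is reported as success; check the result and return an `SB_ERR` status on failure. `BoxName` is appended to the native argument string unquoted as `"/box:" + BoxName + " "`, and `setNativeArguments` passes that string through without escaping. This is only safe if box names can never contain spaces or quote characters. If validation elsewhere guarantees that, say so in a comment, e.g. `// BoxName is validated to contain no whitespace or quotes before it reaches here`. RunStart's body begins outside the hunk.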
@@ -185,7 +185,7 @@ protected slots: QMap m_BoxedProxesses; mutable QReadWriteLock m_TraceMutex; - QList m_TraceList; + QVector m_TraceList; int m_LastTraceEntry; mutable QReadWriteLock m_DriveLettersMutex; diff --git a/SandboxiePlus/SandMan/Models/TraceModel.cpp b/SandboxiePlus/SandMan/Models/TraceModel.cpp index ca7222387d..d2540d4013 100644 --- a/SandboxiePlus/SandMan/Models/TraceModel.cpp +++ b/SandboxiePlus/SandMan/Models/TraceModel.cpp @@ -48,7 +48,7 @@ bool CTraceModel::TestPath(const QList& Path, const CTraceEntryPtr& pE return Path.size() == Index; }*/ -QList CTraceModel::Sync(const QList& EntryList, void* BoxPtr) +QList CTraceModel::Sync(const QVector& EntryList, void* BoxPtr) { QList Added; QMap, QList > New; diff --git a/SandboxiePlus/SandMan/Models/TraceModel.h b/SandboxiePlus/SandMan/Models/TraceModel.h index e1a856f465..7b7c9fc178 100644 --- a/SandboxiePlus/SandMan/Models/TraceModel.h +++ b/SandboxiePlus/SandMan/Models/TraceModel.h @@ -11,7 +11,7 @@ class CTraceModel : public CTreeItemModel CTraceModel(QObject* parent = 0); ~CTraceModel(); - QList Sync(const QList& EntryList, void* BoxPtr); + QList Sync(const QVector& EntryList, void* BoxPtr); CTraceEntryPtr GetEntry(const QModelIndex& index) const; diff --git a/SandboxiePlus/SandMan/Views/TraceView.cpp b/SandboxiePlus/SandMan/Views/TraceView.cpp index cdff51bac4..c6e6ceee70 100644 --- a/SandboxiePlus/SandMan/Views/TraceView.cpp +++ b/SandboxiePlus/SandMan/Views/TraceView.cpp @@ -127,7 +127,7 @@ void CTraceView::Refresh() if(m_pOnlyCurrent->isChecked()) Boxes = theGUI->GetBoxView()->GetSelectedBoxes(); - QList ResourceLog = theAPI->GetTrace(); + QVector ResourceLog = theAPI->GetTrace(); //m_pTraceModel->Sync(ResourceLog, Pids); QList Added = m_pTraceModel->Sync(ResourceLog, Boxes.count() == 1 ? Boxes.first().data() : NULL); diff --git a/SandboxiePlus/version.h b/SandboxiePlus/version.h index 8fefea5d1e..69b6ce5d35 100644 --- a/SandboxiePlus/version.h +++ b/SandboxiePlus/version.h 
@@ -2,8 +2,8 @@ #define VERSION_MJR 0 #define VERSION_MIN 8 -#define VERSION_REV 7 -#define VERSION_UPD 2 +#define VERSION_REV 8 +#define VERSION_UPD 0 #ifndef STR #define STR2(X) #X