Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BreakoutFolder should take priority over ForceFolder #2058

Open
thejavascriptman opened this issue Jul 26, 2022 · 0 comments
Open

BreakoutFolder should take priority over ForceFolder #2058

thejavascriptman opened this issue Jul 26, 2022 · 0 comments
Labels
Program Control Issues with control structures ToDo To be done

Comments

@thejavascriptman
Copy link

thejavascriptman commented Jul 26, 2022
edited

Describe what you noticed and did

  • When ForceFolder and BreakoutFolder are used at the same time, there are some scenarios where BreakoutFolder is ignored and a process still gets executed inside of the sandbox
  • From what I can see, when you have Steam on your system (installed outside Sandboxie), and you force your game library to run inside of Sandboxie (in this case D:\Games), any Steam game (e.g. D:\Games\...\SomeGame.exe) will call Steam and Steam will launch C:\Program Files (x86)\Common Files\Steam\steamservice.exe, the later one installs missing dependencies (like DirectX), however steamservice.exe and all of it's child processes get executed inside Sandboxie despite BreakoutFolder being used.
  • If I manually open Windows Explorer inside Sandboxie and manually launch Steam C:\Program Files (x86)\Steam\steam.exe, it launches outside Sandboxie as expected.
  • If I remove ForceFolder=D:\Games and target the game I want to play instead ForceProcess=SomeGame.exe, the issue no longer happens (i.e. steamservice.exe executes outside of the sandbox as expected). Unfortunately this is not a good solution as it can get difficult to configure when you have lots of games.

How often did you encounter it so far?

Whenever a game has missing dependencies (i.e. DirectX, VC Redist, etc). Steam will try to install these dependencies through steamservice.exe (located under "C:\Program Files (x86)\Common Files\Steam") but steamservice.exe will open inside of the sandbox despite BreakoutFolder being used.

Affected program

Steam

Download link

Not relevant

Where is the program located?

The program is installed only outside the sandbox.

Expected behavior

BreakoutFolder should take precedence when used alongside ForceFolder

What is your Windows edition and version?

Windows 10 21H2 x64

In which Windows account you have this problem?

User account with secure desktop turned off for UAC prompts.

Please mention any installed security software

None, Windows Defender disabled

What version of Sandboxie are you running?

  • Plus 1.1.3 x64
  • Updated to Plus 1.2.6 x64 (got same results)

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In an Application Compartment sandbox with no isolation (green sandbox icon).

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

#
# Sandboxie-Plus configuration file
#

[GlobalSettings]
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
SeparateUserFolders=y
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
NetworkEnableWFP=n
EnableObjectFiltering=y
EnableWin32kHooks=y
EditAdminOnly=n
ForceDisableAdminOnly=n
ForgetPassword=n
Template=7zipShellEx
Template=WindowsRasMan
Template=WindowsLive
Template=OfficeLicensing
ForceDisableSeconds=60

[UserSettings_<REDACTED>]
SbieCtrl_AutoStartAgent=SandMan.exe
BoxDisplayOrder=Example
SbieCtrl_EnableAutoStart=y
SbieCtrl_UserName=user
SbieCtrl_NextUpdateCheck=1657211782
SbieCtrl_WindowCoords=200,150,1237,632
SbieCtrl_ActiveView=40021
SbieCtrl_ProcessViewColumnWidths=250,70,300

[Example]
Enabled=y
AutoRecover=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#00ffff,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9

# Path where Steam games are installed
ForceFolder=D:\Games
# Files allowed to run outside the sandbox
OpenFilePath=C:\Program Files (x86)\Steam
BreakoutFolder=C:\Program Files (x86)\Steam
BreakoutFolder=C:\Program Files (x86)\Steam\*
OpenFilePath=C:\Program Files (x86)\Common Files\Steam
BreakoutFolder=C:\Program Files (x86)\Common Files\Steam
BreakoutFolder=C:\Program Files (x86)\Common Files\Steam\*

OpenIpcPath=$:steam.exe
OpenIpcPath=*\BaseNamedObjects\Steam*
OpenWinClass=SteamWinsockInitFakeClass_*

NoSecurityIsolation=y
@thejavascriptman thejavascriptman added the Confirmation pending Further confirmation is requested label Jul 26, 2022
@thejavascriptman thejavascriptman mentioned this issue Jul 29, 2022
Open
@DavidXanatos DavidXanatos added ToDo To be done Program Control Issues with control structures and removed Confirmation pending Further confirmation is requested labels Sep 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Program Control Issues with control structures ToDo To be done
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DavidXanatos @thejavascriptman