Waterfox with data protection enabled can't read your profile #3790
Comments
The file profiles.ini has to be read by firefox/waterfox to know what the available profiles are, and in data protection mode, the exe can't read the real %AppData% by default. You have to explicitly add an access (read only or more). You could add something similar in your waterfox box : Or in your template : I prefer a normal access to a direct access but whatever suits your needs. (Tmpl.Waterfox=%AppData%\Waterfox\Profiles* enables the read of directories and files beginning with "profiles") |
By the way, we already had a discussion in 2022 about whether there should be templates for sandboxes with data protection: As @Rngexile has already written, you only need to add a "NormalFilePath" to your sandbox settings: |
@Rngexile @APMichael |
Interesting discussion you had in 2022. :) I prefer a more granular approach, given I take time to check what my accesses and needs are. As for examples : [Template_Firefox_Profile_NormalAccess] => ALL of my firefox profiles can be read by any of my firefox "data protection box". [Template_Firefox_Bookmarks_DirectAccess] => If I have a data protected box used for a "super privacy bank and stuff" with a particular firefox's profile it can be read and written by any other firefox box having that template active ... [Template_Firefox_Passwords_DirectAccess] => If I have a data protected box used for a "super privacy bank and stuff" with a particular firefox's profile it can be read and written by any other firefox box having that template active ... Probably most people use only one firefox profile for everything, but advanced users with "data protection" needs should be careful with templates. |
@Dyras I had already expressed my opinion on this in 2022. And I personally still believe that special templates are not really necessary. (If they are added at some point anyway, I have no problem with that, of course). By the way, when selecting a sandbox with data protection in the GUI, you will be informed (with a clickable link to the manual) that access to user data is blocked and that you must first allow this under "Resource Access": "This box prevents access to all user data locations, except explicitly granted in the Resource Access options." |
I know that it's blocked and that that is the entire purpose, etc. It's definitely not "necessary". I just think that for the less tech-savvy, it would be nice with a template for this that can be enabled in a few clicks instead of having to go through Resource Access, especially when the file in question is deep inside of the %appdata% folder. I think normie users are more likely to back out than learn how to find which file isn't moving properly, which isn't great for what is essentially a pay-only feature. Any thoughts @DavidXanatos ? |
My take on this is that by default the data protection should not be reduced, unless data protection breaks the function of normal operation of Windows or general purpose software, e.g. it causes them to crash. This should apply to templates, which the user has to enable on purpose. When data protection is enabled, the user has to make the choice to add resources that need to be allowed to accomplish what the user had in mind. This could be too broad with templates that set NormalFilePath for the user, which is why I don't suggest adding them, but at the same time I am not opposing (which I am not in the position in, anyway) separate templates that aid less tech-savvy users. There could be weak spots with this approach, but a sandbox with data protection that uses a too broad template (or templates) is still better than a sandbox without it, in terms of privacy. What needs to be avoided is one getting lazy and enabling templates as it is quicker; users that can set it up to suit their needs should do so and not assume that the template will cover every use-case. Maybe another approach to this is creating tutorials on how to find the required folders. Users would need to find and read them, which is a drawback. The point is to enable the user to learn about how these things work. Empowering them to make use of Sandboxie, to make it work in their way and get just a bit more used to dealing with folders. Abstractions are good in many cases (clicking to update something, instead of typing a command) and helpful, like with templates, but they can also go too far (some browsers hide parts of the URL, stripping https:// and www), so that there needs to be a balance. It's hard to choose where to draw the line. This requires some insight on how users deal with it. |
I think we should create explicit templates which the user can enable in privacy mode; this is a secure and straightforward approach |
Howdy!
I tried to keep the text as generic as possible so that we won't have 30 of them. But maybe we want that so that the user knows what is being allowed by the template? If so, I propose something like
If so, I'll download all of the browsers that I totally don't have installed already and check which ones need changes like these and which ones don't. Perhaps I should make another one for users that want to use the "Auto delete" feature? My understanding is that "NormalFilePath" makes it writable inside of the sandbox rather than outside of it in the "real" file which will obviously cause issues.
Seems like a nice compromise to me. Any suggestions? |
Just my opinion: I think most users will not understand the function of this template, as it requires the additional use of the already existing browser templates. If only this template is activated, Waterfox still creates a new profile in the sandbox, as access to the profile folder is still not possible. With this template, however, the majority will probably think that the browser works as if it were in a yellow sandbox. The template should therefore be as follows:
Edit 1: #2372 (comment) By the way, no "OpenFilePath" is required for the “Auto Delete” function of Sandboxie. Sandboxie has always used "NormalFilePath". Edit 2: Sorry, the sentence is a bit short. I meant that only "NormalFilePath" has ever been used in a yellow standard sandbox and that there have never been any problems with browsers because of this. If you want to reinstall the browser or add a new profile, you should always do this outside the sandbox. Therefore, "OpenFilePath" is not really necessary for the two .ini files. |
Yeah I guess my thought process was that this would be complementary to the other profiles, but that isn't perfectly clear in any way. Makes sense that we should use the entire path then! I can do that. I was under the impression that NormalFilePath won't allow you to edit the original file 🤔 but maybe I'm thinking of something else then. So something like this should be the optimal way to do it, I assume?
|
It is true that "NormalFilePath" does not allow you to change the original file, but this is not necessary for the two .ini files. These are only changed if you want to create a new profile or (re)install the browser, and this should always be done outside a sandbox. Yes, I think that should be fine:
Or if, for example, the data for "safe browsing" should also be able to be read:
|
With such a large "read access" you currently open ALL waterfox's profileS to be read by any sandbox using your template and so it partially counters the purpose of the data protected stuff. If the user, while using the template, doesn't add explicit ClosedFilePath rules to the waterfox's profileS he doesn't want to use in his sandbox then he leaves the possibility to exfiltrate that content in the context of waterfox (he relies on the security of waterfox which we don't rely on too much because we use sandboxie-plus). |
IMO, the name should be chosen to reflect what the template does, so the more precise the name is the better. A comment that explains that this gives read access to all the profiles of the current user is indeed helpful. Does anyone have data on how many users use different browser profiles? I imagine that users, that use multiple profiles and Sandboxie have a better technical understanding to be aware what the template does by giving read access to that folder, but still it should be made obvious that the template might not be the best fit. (Comparing it to default firewall rules in some products where for example FTP is allowed for some apps and the user being better off to make his own rules.) |
I think @Dyras surely has nothing against changing the name of the template and adding a comment with an appropriate note or warning. As far as I know, there is no other option for a template that makes using the browser as easy as in a yellow standard sandbox, as only wildcards can be used for the random names of the profile folders. Data protection is still much better than in the standard sandbox, as all access is blocked except for the browser profiles. If anyone has a better idea, they are welcome to share it here. Or you can use @Dyras first approach again, only with Perhaps @DavidXanatos can comment here again on which variant he would like to have in his Sandboxie-Plus. |
I don't have data but it's probably a very low % of the user base (I'm in it ^^). Profiles are a thing in every Mozilla application (Firefox-based browsers, Thunderbird-based mail clients), and probably some other apps.
Indeed a normalfilepath template is still a better compromise than the profile_directaccess that is just crazy imho. Sorry, bad idea: what about an interactive template creation for some known applications like Firefox-based browsers? |
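An added example, not part of the thread and not Sandboxie's own code: because the profile folder names are random, the wildcard grant discussed above opens every profile, so one alternative is to read profiles.ini outside the sandbox and emit NormalFilePath rules for a single named profile. The function name, the sample profiles.ini and its folder names are constructed for illustration; the %AppData%\Waterfox base folder and the NormalFilePath setting come from the discussion.

```python
import configparser

# Constructed sample profiles.ini; the folder names are made up.
SAMPLE_PROFILES_INI = """
[Profile1]
Name=banking
IsRelative=1
Path=Profiles/e5f6g7h8.banking

[Profile0]
Name=default-release
IsRelative=1
Path=Profiles/a1b2c3d4.default-release
Default=1

[General]
StartWithLastProfile=1
"""

BASE = r"%AppData%\Waterfox"  # folder named in the issue


def rules_for_profile(ini_text, profile_name, base=BASE):
    """Return Sandboxie.ini lines that open one named profile and nothing else."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in profiles.ini
    cp.read_string(ini_text)
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue
        if cp.get(section, "Name", fallback=None) != profile_name:
            continue
        if cp.get(section, "IsRelative", fallback="1") != "1":
            raise ValueError("absolute profile path: write the rule by hand")
        rel = cp.get(section, "Path").replace("/", "\\")
        if ".." in rel.split("\\"):
            raise ValueError("unexpected '..' in profile path")
        return [
            "NormalFilePath=" + base + "\\profiles.ini",
            "NormalFilePath=" + base + "\\installs.ini",
            "NormalFilePath=" + base + "\\" + rel + "\\*",
        ]
    raise KeyError("no profile named " + repr(profile_name))


if __name__ == "__main__":
    print("\n".join(rules_for_profile(SAMPLE_PROFILES_INI, "banking")))
```

The emitted lines belong in the settings of the individual data-protection box rather than in a shared template, and no other profile folder is named in them.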
Describe what you noticed and did
Well as it turns out, the files "installs.ini" and "profiles.ini" are in this folder:
%AppData%\Waterfox
For comparison, for Mozilla Firefox they are in this folder:
C:\Users\User\AppData\Roaming\Mozilla\Firefox
For some reason that I can't quite understand, Waterfox seems to care about this file not being included while Firefox doesn't.
Possible solutions I can think of:
Way 1:
Change
Tmpl.Waterfox=%AppData%\Waterfox\Profiles\*
To
Tmpl.Waterfox=%AppData%\Waterfox\Profiles*
^ Seems to work anyway, then again I've learned over the years that this computer is cursed so I'm gonna do some more testing on this, and I'll edit that in if I figure anything out.
Way 2:
Add the files here:
Way 3:
Add a new template for data protection:
[Template_Waterfox_Profile_DirectAccess_DP]
Tmpl.Title=#4338,Waterfox
Tmpl.Class=WebBrowser
OpenFilePath=%AppData%\Waterfox\profiles.ini
OpenFilePath=%AppData%\Waterfox\installs.ini
How often did you encounter it so far?
Whenever I run Waterfox with Data Protection
Expected behavior
The files should be included which means Data Protection will work as intended.
Affected program
Latest Waterfox
Download link
https://www.waterfox.net/
Where is the program located?
The program is installed only outside the sandbox.
Did the program or any related process close unexpectedly?
No, not at all.
Crash dump
No response
What version of Sandboxie are you running now?
1.13.4 64-bit
Is it a new installation of Sandboxie?
I just updated Sandboxie from a previous version (I remember which one it is).
Is it a regression from previous versions?
Nope
In which sandbox type you have this problem?
In a hardened sandbox with data protection (red sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
What is your Windows edition and version?
Windows 11 Education, but this also happened on Windows 10
In which Windows account you have this problem?
A Microsoft account (Administrator).
Please mention any installed security software
Windows Defender
Did you previously enable some security policy settings outside Sandboxie?
No response
Trace log
No response
Sandboxie.ini configuration
No response