Trust No Program
SandboxieReflector - cross-sandbox execution
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
Hi all!

{update: The current version is 12.3.19 (from March 19, 2012) }

I've created my own contributed utility called SandboxieReflector. SandboxieReflector allows you to define commands that force designated applications to always run in a certain sandbox, also when called from inside another one. This can be useful in several ways; e.g.

    when you want to force certain apps to run in their own sandbox, thus not polluting other sandboxes along the way (run FireFox in its own sandbox even when started from another sandbox), or

    when you want to install apps in their own sandbox, and be able to run them from anywhere (also from inside other sandboxes).


There are some restrictions, caveats, disclaimers etc.; they are all noted on the SandboxieReflector page at my web site - you can also download the zip file from there.

I've briefly mailed with Tzuk about this functionality, and while it might be added to a future version it will probably not be in the near future. I have therefore decided to still publish it as an interim solution, but I'm inclined not to develop/support it any further for the same reason. It should still be a very useful utility for the ones who know how to use it though!

Interested in your opinions, and happy reflecting! Wink
Carl


Last edited by Carl Colijn on Tue Mar 20, 2012 1:08 pm; edited 4 times in total
tzuk


Joined: 22 Jun 2004
Posts: 15003
Looks good! Thanks for posting it. I hope some will find it useful.

_________________
tzuk
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
This is great! I thought about something similar, but didn't get the time to work on it. I have read the SandboxieReflector page and I'm going to test it and put it at work today. I'm also an avid user of virtual computers, but as you and many others, I feel that Sandboxie's invaluable for getting the best out of your system for applications while still running them isolated, and this utility you have created should be of great help until Sandboxie reaches this milestone. Thank you.
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
MichaelS wrote:
This is great! I thought about something similar, but didn't get the time to work on it.


Funny how this seems to work sometimes - first there is nothing and then all of a sudden a few people get the same idea all at the same time... Maybe this is a hint to Tzuk the time is right for this feature? Wink

Anyway, please tell me what you think of it! All feedback is appreciated, although I'm a bit reluctant to improve anything apart from bug fixing.
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
Carl, this is excellent. Works just the way I imagined it would and how I would've made my own implementation, so I have to thank you for saving me some time.
Also, as a Sandboxie user, I appreciate you shared this utility, thus bringing more attention upon a much needed feature. I'd call this one of the most valuable contributed utilities.
Without wanting to sound arrogant, I believe a lot more users would emphasize the wish for such a feature if they'd be aware of the implications and benefits of it.

If anyone's reluctant to using this utility, you should know that it doesn't have any impact on performance (i.e. file proxying doesn't affect execution time).

Manual labor for creating correct registry entries may seem cumbersome to some, but it is the only way to make this work, and I personally view it as a means to better control the way you want things to work.

I recommend Default Programs Editor as a great tool to aid the process for the faint-hearted.

Another thing I would like to mention: having all preferred extensions pointing to Reflector.exe is very helpful in case you wish to change a sandbox's location, because then you do not have to deal with the change in the registry (unless the file icon is .exe dependent), but in the INI file, so it is easier to manage multiple changes.

Carl, thank you for creating this, and Tzuk- thanks for supporting the idea.
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
Carl, I know you said you do not wish to improve or further extend your application, unless it's a bug-fix or vulnerability issue, and I completely understand if you do not want to implement the following suggestion:

Add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so it is not confined to the /file parameter.

For example, this:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="$I" /R="$R" /L="$L"

would execute whatever is in the CmdLine associated with <profilename> along with /I="$I" /R="$R" /L="$L"

The reason I am asking this is because $I, $R, $L are actually dynamic arguments replaced with other data by the file-manager that I am using, so I can't just add them to the INI file. This means that when I am executing
Code:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="$I" /R="$R" /L="$L"
, the file manager is actually running:
Code:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /I="inactive_pane_path" /R="right_pane_path" /L="left_pane_path"


Again, if you do not want to implement this for the already mentioned reasons or for any other reason, I completely understand and I already appreciate the application as it is.
I am aware that this is a niche suggestion so I already created an application that dynamically changes the INI command line before executing the Reflector.

Thank you.
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
MichaelS wrote:
Carl, I know you said you do not wish to improve or further extend your application, unless it's a bug-fix or vulnerability issue, and I completely understand if you do not want to implement the following suggestion:

Add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so it is not confined to the /file parameter.


Hi MichaelS,

A more generic method would be to pass all parameters along via a dedicated /p switch, with "/p file" a good replacement for the "/file" in use now. Something like:
Code:
Reflector.exe /exec <profile name> [/p <param name> <param value> [<param value> ...]]

and the profile code something like:
Code:
CmdLine=MyApp.exe [$<param name> [$<param name> ...]]


As an example:
Code:
Reflector.exe /exec MyProfile /p file "%1",
CmdLine=MyApp /open $file

and:
Code:
Reflector.exe /exec MyProfile /p I "$I" /p R "$R" /p L "$L"
CmdLine=MyApp /left_path=$L /other=$R /and_even=$I


Just like the Effectuator now looks for all %1's in the cmdlines and complains if there is an unmatch with any /file switch, it could just as easily compare all /p's in the same manner.

I'm already breaking my own promise of not improving the code by looking if initial DDE proxying support is easy to add, so the above would be a quick addition as well Wink No promise on a time frame, but the idea intrigues me!
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
Hello! Thank you for considering the suggestion.
Your approach is good, but the command would still depend on the CmdLine from the INI file, while a raw interpretation wouldn't.

An example. Let's say I run the following user command from my sandboxed file manager (which would replace $I, $R, $L with file paths or whatever):
Code:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"

In this case, the CmdLine property in SandboxieReflector.ini for the invoked profile could be null, like CmdLine="" and Effectuator.exe would run
Code:
"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"


or, if it is possible, introduce a /raw parameter whose value is concatenated to the ini CmdLine property (which can be null).
Quote:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> /raw "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"


Of course, the call is yours, and as I said before, I'm already using your applications in conjunction with one of mine to get the desired functionality.
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
MichaelS wrote:
Hello! Thank you for considering the suggestion.
Your approach is good, but the command would still depend on the CmdLine from the INI file, while a raw interpretation wouldn't.


Hi MichaelS,

I get what you're after, but I do not want to add a "raw" interpretation to SandboxieReflector - if such an interpretation would be added, anyone could execute any command in a sandbox, as long as they know the name of the corresponding profile. Since the SandboxieReflector.ini file is readable by anyone (even the baddies), this would mean a giant security breach. (as if it's worthwhile to build circumvention code for all 10+ people on Earth using SandboxieReflector Wink, but still...)

But I still do think my solution will also help you;

MichaelS wrote:
An example. Let's say I run the following user command from my sandboxed file manager (which would replace $I, $R, $L with file paths or whatever):
Code:
"C:\Program Files\SandboxieReflector\Reflector.exe" /exec <profilename> "D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"

In this case, the CmdLine property in SandboxieReflector.ini for the invoked profile could be null, like CmdLine="" and Effectuator.exe would run
Code:
"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify="C:\Windows\Media\ding.wav"


In this case the Reflector.exe call would be:
Code:
Reflector.exe /exec <profilename> /p I "$I" /p R "$R" /p L "$L" /p file "%1"


which would expand to e.g.:
Code:
Reflector.exe /exec <profilename> /p I "inactive_pane_path" /p R "right_pane_path" /p L "left_pane_path" /p file "C:\Windows\Media\ding.wav"


The CmdLine in the .ini would be (now with the .wav supplied via Reflector as well via the "file" parameter):
Code:
CmdLine="D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify=$file


which in this case would expand to:
Code:
CmdLine="D:\MyApp.exe" /I="inactive_pane_path" /R="right_pane_path" /L="left_pane_path" /Type=Mov /Notify="C:\Windows\Media\ding.wav"


Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.
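The profile-bound /p substitution described in the post above, together with the mismatch check between /p switches and CmdLine tags from the earlier post, sketched in Python as an added example that is not part of the thread and is not SandboxieReflector's own code. It shows why the caller can only fill in values while the program and fixed switches stay under the profile's control. Assumptions: one value per /p, a tag counts as quoted when the character before it is a double quote, and the names parse_params, expand and ProfileError are hypothetical.

```python
import re

PLACEHOLDER = re.compile(r"\$([A-Za-z_]\w*)")

class ProfileError(ValueError):
    """The call does not fit the profile's CmdLine template."""

def parse_params(args):
    """Turn ['/p', 'I', 'x', '/p', 'R', 'y'] into {'I': 'x', 'R': 'y'}."""
    params, i = {}, 0
    while i < len(args):
        if args[i].lower() != "/p" or i + 2 >= len(args):
            raise ProfileError(f"unexpected or incomplete argument: {args[i]!r}")
        name, value = args[i + 1], args[i + 2]
        if name in params:
            raise ProfileError(f"duplicate parameter: {name}")
        params[name] = value
        i += 3
    return params

def expand(cmdline, params):
    """Fill $name tags in a profile CmdLine; the caller controls values only."""
    wanted = set(PLACEHOLDER.findall(cmdline))
    if wanted != set(params):
        raise ProfileError(f"parameter mismatch: {sorted(wanted ^ set(params))}")
    for name, value in params.items():
        # A quote or control character could end the argument early and
        # smuggle extra switches into the sandboxed program's command line.
        if '"' in value or any(ord(c) < 32 for c in value):
            raise ProfileError(f"illegal character in parameter {name}")

    def fill(match):
        value = params[match.group(1)]
        # Double trailing backslashes so the closing quote is not escaped.
        value += "\\" * (len(value) - len(value.rstrip("\\")))
        already_quoted = cmdline[max(match.start() - 1, 0)] == '"'
        return value if already_quoted else f'"{value}"'

    # re.sub is a single pass: a value containing "$R" is never re-expanded.
    return PLACEHOLDER.sub(fill, cmdline)

# Constructed sample, modelled on the thread's example profile and call.
PROFILE_CMDLINE = r'"D:\MyApp.exe" /I="$I" /R="$R" /L="$L" /Type=Mov /Notify=$file'
CALL = ["/p", "I", r"C:\inactive", "/p", "R", "C:\\right\\",
        "/p", "L", r"C:\left", "/p", "file", r"C:\Windows\Media\ding.wav"]
if __name__ == "__main__":
    print(expand(PROFILE_CMDLINE, parse_params(CALL)))
```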
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
Carl Colijn wrote:
I get what you're after, but I do not want to add a "raw" interpretation to SandboxieReflector - if such an interpretation would be added, anyone could execute any command in a sandbox, as long as they know the name of the corresponding profile.

Yes, I realize this, that's why I initially suggested to add an alternative version of the Reflector and/or Effectuator that allows the Reflector to pass raw command lines to the Effectuator, so only those who are aware of the risks would use it, but I understand the concern for security breaches.

Carl Colijn wrote:
But I still do think my solution will also help you;
[...]
Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.

No doubt, what you presented would be a welcomed addition.

Thank you!
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
MichaelS wrote:
Carl Colijn wrote:
But I still do think my solution will also help you;
[...]
Does this do what I think you meant? It is a (potentially) useful and quick-to-add addition in its own right, though, so I'd probably add it anyway. Another use case would be to consolidate multiple almost-similar cmdlines into one profile (like some programs have when they have multiple shell verbs), with the differences triggered via alternate Reflector.exe calls.

No doubt, what you presented would be a welcomed addition.

Thank you!


And thus came version 12.3.2; you can download it from the SandboxieReflector web page on my site (see the initial post).

The previous version could only handle a single /file parameter (reflected in any %1 CmdLine tag), but now you can use a more general /p parameter passing method, which allows you to create as many parameters as you want. Now on to investigating simple DDE proxying again... Did I tell you I wanted to leave it at version 12.2.22? Smile
MichaelS


Joined: 07 Feb 2012
Posts: 139
Location: MeanWhile City
Thank you for the improvements! This surely broadens the use of SandboxieReflector.
Small command I would like
Messmer
Guest

Can you add /min to the Effectuator so it goes small on start.
Re: Small command I would like
Carl Colijn


Joined: 30 Dec 2011
Posts: 22
Location: Netherlands
Messmer wrote:
Can you add /min to the Effectuator so it goes small on start.


Hi Messmer,

It's already there Wink It's the /s switch.
Re: Small command I would like
Messmer
Guest

Carl Colijn wrote:
Messmer wrote:
Can you add /min to the Effectuator so it goes small on start.


Hi Messmer,

It's already there Wink It's the /s switch.

Great, it solved one of my problems. Software I want to use but with highly restrictive rights on install.
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.