Enhanced Boxes Making Changes To NonSandboxed Opera?

Post Reply
PaulBox
Posts: 1
Joined: Mon Oct 10, 2022 2:08 am

Enhanced Boxes Making Changes To NonSandboxed Opera?

Post by PaulBox »

Hi all, longtime Sandboxie user; just upgraded to Plus and got a licence. This is long but I want to be clear, and it's of concern, even if my error.

I have searched around but couldn't find a similar problem.
I replicated this problem and it repeats. It does it with any kind of security enhancement; blue, orange or red boxes (Hardened With Data Protection, security Hardened, Sandbox With Data Protection). Regular boxes seem fine. However, I'm concerned about this both as I'd liked to use enhanced, and if it pertains to any other box.

I set three sandboxes for enhanced privacy.
All three had different names.

I launched and used one, then used the second after terminating the first. Doing the same for the third, I noticed a history....

The browser was the same for each sandbox. I was disturbed a sandbox was shared, reset all, began again but my history was there.

I launched the non sandboxed opera portable. Each sandbox was writing to the unsandboxed Opera.
I have repeated this and sure enough, using any of the enhanced settings on a sandbox, including making a change on one that otherwise seems fine in normal use, results in sites I visit in one sandbox, being written to the actual browser itself.

This is the first setting I used for all boxes. I can provide more information and shots.

[Amazon]
FileRootPath=O:\Sandbox\Amazon
Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#0423ee,ttl,6
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
UseSecurityMode=y
UsePrivacyMode=y
OpenFilePath=O:\
AllowNetworkAccess=<BlockNetAccess>,n
BoxNameTitle=n
FakeAdminRights=y
ClosePrintSpooler=y
CopyLimitKb=81920
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ClosedFilePath=<BlockNetDevices>,InternetAccessDevices
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,rundll32.exe,Opera_PortableSetup.exe,opera.exe,launcher.exe, Opera_Portable.exe
ProcessGroup=<InternetAccess>,OperaSetup.exe,Opera_PortableSetup.exe,opera.exe,launcher.exe

Can you advise as to what I did/went wrong? Is this a bug? Even allowing access to O should not allow it to make changes, right? This is a setting I had before (and blocked off access to many locations myself in the.ini) and is required to access O as the sandbox is on it (it's a mountable drive).

Regular sandbox works as always, including when the settings are the same except the "extra" protection level boxes.. I can see inside the Sandbox it has the "O" drive with files. It seems to modify only the sandboxed contents. I am checking as thoroughly as I can.

Any enhancements use the Opera Portable itself. There is only the "C" drive and no "O" drive where Opera is located.

Thanks so much!

User avatar
DavidXanatos
Posts: 340
Joined: Fri Mar 19, 2021 11:26 am

Re: Enhanced Boxes Making Changes To NonSandboxed Opera?

Post by DavidXanatos »

Hello,

OpenFilePath=O:\

allows read and write access to O:\

with UsePrivacyMode=y

you need to use a new type of rule if you want to allow a read and copy on write access

NormalFilePath=O:\

this rule enables regular sandboxie behavior for the O:\ drive which is what i get from your request you want.

Sandboxes applications will be able to read the all of O:\ but all changes they try to make will be contained within the sandbox.

Cheers

Post Reply