Sandboxie 5.31.6 available for download

Hi all,

We have published Sandboxie 5.31.6. Please download from https://www.sandboxie.com/DownloadSandboxie.

The main fixes are around supporting Windows 10 19H2.

We did are some fixes for the Windows 10 20H1 build. Please don't expect that Sandboxie will continue to work with that version as there are likely to be kernel changes that require a new version before 20H1 is fully released.

Thanks.

Akhilesh@Sophos

Parents
  • Akhilesh@Sophos said:

    We have published Sandboxie 5.31.6. Please download from https://www.sandboxie.com/DownloadSandboxie.

     

    I think I found a bug, that might hit security on some systems.

     

    1- Sandboxie and Windows version

    5.30 did block ports, when I used the www.sandboxie.com/BlockPort function with the line

    BlockPort=*,3000-3100


    So, I only wanted to use SOCKS proxies on another box with TCP ports between 3000 and 3100. Worked great with 5.30. No traffic was received on the other box when I on purpose used a SOCKS proxy on lets say port 3111.

     

    When I use this line, with on purpose wrong TCP ports (not being used by my proxies)

    BlockPort=*,9999

    on version 5.31.4 and on version 5.31.6, all traffic is allowed and my Chromium instance is using a SOCKS5 proxy port that I did not allow (because, in this example, I only allowed 9999).


    If I remove the line, all works fine... my proxies on ports 3000-3100 are used, but every TCP port is allowed by Sandboxie :(. So... using BlockPort might be a big security / privacy risk for me :(.

    2 - Affected applications version (if using a browser, include any extensions as well)

    Version 80.0.3970.0 (Developer Build) (64-bit)

    including the latest uBlock Origin and the latest WebRTC Leak Shield extensions

    run with Sandboxie 5.31.4 and 5.31.6.

    3 - List any antivirus installed, and their version.

    Default / clean windows 10 install with Windows Security, latest definitions (of today). This was the Windows install file
    18363.418.191007-0143.19h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us

    4 - Steps to reproduce the issue.

    See point 1.


    5 - Does it occur in a new sandbox with default settings?

    Yes, except the fact that I add the BlockPort line.

     

    6 - Full error message and screenshots of it if applicable.

    No error message... leaking TCP traffic out of the sanbox :(.

     

     

    Just to clarify extra: Sandboxie running with a sandbox named hidemass. I have this line in Sandboxie.ini in \Windows
    BlockPort=*,3000
    I start Chromium with
    "C:\Program Files\Sandboxie\Start.exe" /box:hidemyass C:\Users\Igor\AppData\Local\Chromium\Application\chrome.exe -proxy-server="socks5://192.0.2.1:3024"


    In Sandboxie 5.31.6 this Chromium instance IS working (I have danted running on 192.0.2.1:3024). This is NOT what should happen.
    In Sandboxie 5.30 this Chromium instance is NOT working, which is expected behavior, because I only allow port 3000 and not 3024.

    I looked at www.sandboxie.com/KnownConflicts of this issue was mentioned, it was not.

  • Wouter Budding said:

     

     
    Akhilesh@Sophos

    We have published Sandboxie 5.31.6. Please download from https://www.sandboxie.com/DownloadSandboxie.

    I think I found a bug, that might hit security on some systems.
    [...]


    In Sandboxie 5.31.6 this Chromium instance IS working (I have danted running on 192.0.2.1:3024). This is NOT what should happen.
    In Sandboxie 5.30 this Chromium instance is NOT working, which is expected behavior, because I only allow port 3000 and not 3024.

    I looked at www.sandboxie.com/KnownConflicts of this issue was mentioned, it was not.

    FWIW ~ I would not expect updates to Known Conflicts.
    Users are advised to run 5.31.6.

  • bj m said:
    Users are advised to run 5.31.6.

     

    except that BlockPort is totally broken in this version.  Also the line

    BlockPort=*

    lets the sandbox use every (TCP) port it wants :(.

     

  • Wouter Budding said:
    bj m
    Users are advised to run 5.31.6.

    except that BlockPort is totally broken in this version.  Also the line

    BlockPort=*

    lets the sandbox use every (TCP) port it wants :(.

    Hmm, then use the version that BlockPort is not totally broken. 

    12 years never used https://www.sandboxie.com/BlockPort

    Good Luck

  • bj m said:
    Hmm, then use the version that BlockPort is not totally broken. 

     

    great advise, except that all versions before 5.31.6 don't work on Windows 10 build 18363.

     

    So a better solution would be to fix the problem and release a new version.

     

  • Hmm, had to ask google.

    Windows 10 build 18363 = 1909?

    I thought 5.31.6 supports 1909?

    I'm 18362 = 1903 

    So, I'll watch from the cheap seats.

    Since, last we spoke.  I've added Template=BlockPorts, as test, to my daily rider browser.  IDK

    Regards w Respect

  • bj m said:
    Windows 10 build 18363 = 1909?

    I thought 5.31.6 supports 1909?

     

    That is correct.

  • bj m said:
    FWIW ~ I would not expect updates to Known Conflicts.

     

    On https://www.sandboxie.com/DownloadSandboxie it says " If you have any problems getting Sandboxie to work, please consult Known Conflicts and Problems and Questions."

    So yes, I was expecting updates to Known Conflicts.

Reply Children