Trust No Program

Open Ipc Path


OpenIpcPath is a sandbox setting in Sandboxie Ini. It specifies path patterns for which Sandboxie will not apply sandboxing for inter-process objects. This lets sandboxed programs access resources and services provided by programs running outside the sandbox.

Program Name Prefix may be specified.

Example:

   .
   .
   .
   [DefaultBox]
   OpenIpcPath=\RPC Control\IcaApi
   OpenIpcPath=\RPC Control\seclogon
   OpenIpcPath=$:program.exe

As described in Sandboxie Trace, some sandboxed programs may need access to system resources outside the sandbox, in order to function correctly. After using the Sandboxie trace facility to isolate the needed resources, this setting is used to expose the resources for use by a sandboxed program.

The first example exposes a resource provided by the Terminal Services subsystem. It can let a sandboxed program talk to that subsystem and discover other Terminal Server sessions active in the computer. But this resource can also be used to terminate programs outside the control of Sandboxie.

The second example exposes the resource provided by the Windows Run As service. It can let a sandboxed program launch another program using the credentials of a different user. However, the launched program will execute outside of the control of Sandboxie.

This setting accepts wildcards. For more information on the use of wildcards in the OpenXxxPath and ClosedXxxPath settings, see OpenFilePath.

The third example permits a program running inside the sandbox to have full access into the address space of a target process running outside the sandbox. The process name of the target process must match the name specified in the setting. When this setting is not specified, Sandboxie allows only read-access by a sandboxed process into a process outside the sandbox. This form of the OpenIpcPath setting does not support wildcards.

Note: The examples in this page, if applied, will create vulnerabilities within the sandbox. They are meant only to show why some resources are blocked, and how they can be un-blocked and exposed for use, if necessary.

Related Sandboxie Control setting: Sandbox Settings > Resource Access > IPC Access > Direct Access

Jump to
Sandboxie Ini
setting:


Global Settings:

ByteOrderMark

AlertProcess

ForceDisableSeconds
ForceDisableAdminOnly

EditAdminOnly
EditPassword
MonitorAdminOnly

ActivationPrompt


Sandbox Settings:

Enabled

FileRootPath
IpcRootPath
KeyRootPath

AutoDelete
NeverDelete
DeleteCommand

AutoRecover
AutoRecoverIgnore
RecoverFolder

AutoExec

BoxNameTitle
BorderColor
Description

CopyLimitKb
CopyLimitSilent

ForceFolder
ForceProcess
LingerProcess
LeaderProcess

NotifyInternetAccessDenied
NotifyStartRunAccessDenied

BlockDrivers
BlockFakeInput
BlockPassword
BlockSysParam
BlockWinHooks

BlockPort

DropAdminRights

OpenFilePath
OpenPipePath
ReadFilePath
WriteFilePath
ClosedFilePath

OpenKeyPath
ReadKeyPath
WriteKeyPath
ClosedKeyPath

OpenIpcPath
ClosedIpcPath

OpenWinClass
OpenClsid
OpenProtectedStorage
OpenCredentials

InjectDll
InjectDll64

ProcessLimit1
ProcessLimit2


See also:

Expandable Variables Shell Folders Program Name Prefix Deprecated Settings

Top

Sandboxie is Copyright © 2004-2017 by Sandboxie Holdings, LLC.  All rights reserved.
Sandboxie.com | Contact Author
This site has been viewed 779,659,973 times since June 2004