[FAQ] Convenient yet treacherous Open File Access feature

Started by fixer, June 03, 2017, 11:25:10 AM

Previous topic - Next topic

fixer

From ReHIPS documentation:
QuoteSet access rights for the double-clicked file. Quite often we use double-click to open a file in some default program. When this program is isolated, it can't access opened file for writing in most cases (and for reading in some cases). To avoid this problem ReHIPS can grant access to the opened with double-click file.
Convinient? Unquestionably. But as you probably know something is either convenient or secure. So what's the security penalty for using this feature?

In case your isolated application goes haywire it may corrupt the file being opened as it now has write access to it - that's quite obvious and straightforward. What else?

As you probably noticed, folder the file resides in has ADD_FILE allowed access right to isolated program, it allows isolated program to create files in that folder. Why in heaven it's done, you may ask. Well, some Office versions don't care about temp folder and tend to create temp files in the same folder the file they work with resides. It fails to save file and complains if it doesn't have ADD_FILE access to the folder. So yeah, we had to take a road of convenience here and allowed that access right. It's not that dangerous, but it's good to keep that in mind.

And last, but not least - the file being opened may become infected. I must say that I haven't heard of such threat, but in theory it's possible, so forewarned is forearmed. For example our isolated environment is compromised. And compromised in a tricky way that it infects every opened file with exploit. Like compromised Word infects doc files it opens. When these files reside in ReHIPS folder, it's usually expectable as these are psychologically special folders, but it may be forgotten when the file resides in some usual folder and is opened with double-click.

As you can see opening files with double-click is pretty safe and threats described above are mostly hypothetical. I don't see any security risks when a file is double-click opened from real user profile folder. There are some usability features though.
It's discouraged to open with this feature the same file in different isolated environments simultaneously. Or if you update the file in real folder somehow (by manually copying for example) while having it opened and then close isolated environment, it'll get overwritten.

But the most secure way to work with files is through subfolders of ReHIPS folder. What is ReHIPS folder? We'll talk about this in my next blogpost (updated: here it is https://forum.rehips.com/index.php?topic=9487.0).

shmu26

When I open a Word doc via Open File Access, and I make changes, and then hit the save button, where does it save to?
I understand that after I close the doc, the doc with changes will be written back to the original location. But where does it live, in the meantime?

AFAIK there is also a safety mechanism for when the doc is closed -- it is saved in a certain hidden location until it is correctly written back into the original location. Is this right, and where is the hidden location?

fixer

There are 2 possible ways for this to go.

1. Your file is in real user profile folder. Isolated ReHIPS user doesn't have any access to real user profile folder, so the file is copied to the same path in ReHIPS user profile folder. All editing is done there. And when isolated environment is closed, it's moved back. It's also copied back on timeout (by default every 10 minutes), this is called autosync.

2. Your file is in some other folder. In this case either nothing happens if the file already has necessary access rights. Or required access rights are granted, the file is edited and when isolated environment is closed access rights are rolled back.