## Summary

- launch Windows sandboxed children on a private desktop instead of `Winsta0\Default`
- make the private desktop the default while keeping `windows.sandbox_private_desktop=false` as the escape hatch
- centralize process launch through the shared `create_process_as_user(...)` path
- scope the private desktop ACL to the launching logon SID

## Why

Today sandboxed Windows commands run on the visible shared desktop. That leaves an avoidable same-desktop attack surface for window interaction, spoofing, and related UI/input issues. This change moves sandboxed commands onto a dedicated per-launch desktop by default so the sandbox no longer shares `Winsta0\Default` with the user session.

The implementation stays conservative on security, with no silent fallback to `Winsta0\Default`. If private-desktop setup fails on a machine, users can still opt out explicitly with `windows.sandbox_private_desktop=false`.

## Validation

- `cargo build -p codex-cli`
- elevated-path `codex exec` desktop-name probe returned `CodexSandboxDesktop-*`
- elevated-path `codex exec` smoke sweep for shell commands, nested `pwsh`, jobs, and hidden `notepad` launch
- unelevated-path full private-desktop compatibility sweep via `codex exec` with `-c windows.sandbox=unelevated`
[package]
# build.rs is compiled against the [build-dependencies] at the bottom of this
# file (winres); presumably it embeds Windows resource data into the produced
# binaries -- confirm against build.rs.
build = "build.rs"
edition = "2021"
# license and version are inherited from the workspace manifest.
license.workspace = true
name = "codex-windows-sandbox"
version.workspace = true

# Library target. Both keys equal Cargo's defaults for this package name
# (hyphens mapped to underscores, src/lib.rs) and are spelled out explicitly.
[lib]
name = "codex_windows_sandbox"
path = "src/lib.rs"

# Setup helper binary. `path` is explicit because the source file name does
# not match the binary name, so Cargo's src/bin auto-discovery would not give
# it this name.
[[bin]]
name = "codex-windows-sandbox-setup"
path = "src/bin/setup_main.rs"

# Second binary; presumably the process image launched as the sandboxed child
# on the private desktop -- confirm against src/bin/command_runner.rs.
# `path` is explicit because the file name differs from the binary name.
[[bin]]
name = "codex-command-runner"
path = "src/bin/command_runner.rs"

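# Platform-independent dependencies. Every entry lives in this one table
# (inline form for multi-key specs, sorted alphabetically) rather than in
# separate `[dependencies.*]` headers, matching how the rest of the table is
# written. The Windows-only `windows-sys` binding is declared further down
# under its cfg(windows) target table.
[dependencies]
anyhow = "1.0"
base64 = { workspace = true }
chrono = { version = "0.4.42", default-features = false, features = [
    "clock",
    "std",
] }
# Declared by relative path, unlike the other codex-* crates which use
# `workspace = true`. NOTE(review): confirm whether the workspace manifest
# already declares codex-protocol so this can be inherited like the others.
codex-protocol = { path = "../protocol" }
codex-utils-absolute-path = { workspace = true }
codex-utils-string = { workspace = true }
dirs-next = "2.0"
dunce = "1.0"
# `small_rng` is a fast, non-cryptographic PRNG. NOTE(review): if the
# per-launch desktop name suffix (`CodexSandboxDesktop-*`) is derived from it,
# do not treat its unpredictability as a security boundary; the desktop ACL
# scoped to the logon SID is the control -- confirm in the launch code.
rand = { version = "0.8", default-features = false, features = ["std", "small_rng"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tempfile = "3"
# High-level `windows` bindings; the enabled namespaces cover the firewall,
# COM and VARIANT surface. Not gated on cfg(windows), unlike `windows-sys`
# below; presumably intentional -- confirm.
windows = { version = "0.58", features = [
    "Win32_Foundation",
    "Win32_NetworkManagement_WindowsFirewall",
    "Win32_System_Com",
    "Win32_System_Variant",
] }
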
# Raw Win32 bindings used by the sandbox itself; only pulled in when building
# for Windows. Each `Win32_*` feature enables one API namespace, so the list
# documents which parts of the OS the crate touches -- add to it when a new
# API is used, and prune entries that no longer are. `Win32_System_StationsAndDesktops`
# is presumably where the private-desktop work described in the PR lives, and
# `Win32_Security` / `Win32_Security_Authorization` where the desktop ACL is
# built -- confirm against the source.
[target.'cfg(windows)'.dependencies.windows-sys]
features = [
    "Win32_Foundation",
    "Win32_System_Diagnostics_Debug",
    "Win32_Security",
    "Win32_Security_Authorization",
    "Win32_System_Threading",
    "Win32_System_JobObjects",
    "Win32_System_SystemServices",
    "Win32_System_Environment",
    "Win32_System_Pipes",
    "Win32_System_WindowsProgramming",
    "Win32_System_IO",
    "Win32_System_Memory",
    "Win32_System_Kernel",
    "Win32_System_Console",
    "Win32_Storage_FileSystem",
    "Win32_System_Diagnostics_ToolHelp",
    "Win32_NetworkManagement_NetManagement",
    "Win32_Networking_WinSock",
    "Win32_System_LibraryLoader",
    "Win32_System_Com",
    "Win32_Security_Cryptography",
    "Win32_Security_Authentication_Identity",
    "Win32_Graphics_Gdi",
    "Win32_System_StationsAndDesktops",
    "Win32_UI_WindowsAndMessaging",
    "Win32_UI_Shell",
    "Win32_System_Registry",
]
# Note this is a different crate and version line than `windows` (0.58)
# in [dependencies]; the two are independent and are upgraded separately.
version = "0.52"

# Test-only dependencies; pretty_assertions gives readable diffs on failed
# assert_eq!/assert_ne! in the crate's tests.
[dev-dependencies]
pretty_assertions = { workspace = true }

# Used only by build.rs (see [package].build). winres embeds a Windows
# resource section into the built executables; which fields (icon, version
# info, manifest) are set is decided in build.rs -- confirm there.
[build-dependencies]
winres = "0.1"