Relevant area(s)
Windows
Brief description of your issue
A process running as app container (process container) with brokered write access to a directory can create a junction inside that directory pointing to a path outside the sandbox's allowed filepaths. The junction is created without policy evaluation of the target and subsequent path resolution of the junction does not show the junction's target.
Steps to reproduce
Create a junction to a path that the policy has not given the process container permission to access.
Attempt to read a file from the junction path from within the process container.
Expected behavior
The process container should not be able to successfully create a junction to a path that is not within the process container's allowed paths.
When attempting to access a path that contains a junction, access request prompts should display the target of the junction instead of the pre-parse path.
Actual behavior
The process container can create a junction to a path that is outside of its allowed paths that have been specified via policy. When attempting to access that path, access prompts will display the pre-reparse path instead of the target of the junction.
Relevant area(s)
Windows
Brief description of your issue
A process running as app container (process container) with brokered write access to a directory can create a junction inside that directory pointing to a path outside the sandbox's allowed filepaths. The junction is created without policy evaluation of the target and subsequent path resolution of the junction does not show the junction's target.
Steps to reproduce
Create a junction to a path that the policy has not given the process container permission to access.
Attempt to read a file from the junction path from within the process container.
Expected behavior
The process container should not be able to successfully create a junction to a path that is not within the process container's allowed paths.
When attempting to access a path that contains a junction, access request prompts should display the target of the junction instead of the pre-parse path.
Actual behavior
The process container can create a junction to a path that is outside of its allowed paths that have been specified via policy. When attempting to access that path, access prompts will display the pre-reparse path instead of the target of the junction.