core-agent-ide/codex-rs/app-server/src
iceweasel-oai 6b3d82daca
Use a private desktop for Windows sandbox instead of Winsta0\Default (#14400)
## Summary
- launch Windows sandboxed children on a private desktop instead of
`Winsta0\Default`
- make private desktop the default while keeping
`windows.sandbox_private_desktop=false` as the escape hatch
- centralize process launch through the shared
`create_process_as_user(...)` path
- scope the private desktop ACL to the launching logon SID

## Why
Today sandboxed Windows commands run on the visible shared desktop. That
leaves an avoidable same-desktop attack surface for window interaction,
spoofing, and related UI/input issues. This change moves sandboxed
commands onto a dedicated per-launch desktop by default so the sandbox
no longer shares `Winsta0\Default` with the user session.

The implementation stays conservative on security, with no silent
fallback to `Winsta0\Default`.

If private-desktop setup fails on a machine, users can still opt out
explicitly with `windows.sandbox_private_desktop=false`.

## Validation
- `cargo build -p codex-cli`
- elevated-path `codex exec` desktop-name probe returned
`CodexSandboxDesktop-*`
- elevated-path `codex exec` smoke sweep for shell commands, nested
`pwsh`, jobs, and hidden `notepad` launch
- unelevated-path full private-desktop compatibility sweep via
`codex exec` with `-c windows.sandbox=unelevated`
2026-03-13 10:13:39 -07:00
bin Stabilize app-server notify initialize test (#13939) 2026-03-09 23:41:58 -07:00
codex_message_processor feat: add plugin/read. (#14445) 2026-03-12 16:52:21 -07:00
message_processor fix turn_start_jsonrpc_span_parents_core_turn_spans flakiness (#14490) 2026-03-12 12:16:56 -07:00
app_server_tracing.rs feat(app-server): propagate traces across tasks and core ops (#14387) 2026-03-11 20:18:31 -07:00
bespoke_event_handling.rs Simplify permissions available in request permissions tool (#14529) 2026-03-12 21:13:17 -07:00
codex_message_processor.rs Use a private desktop for Windows sandbox instead of Winsta0\Default (#14400) 2026-03-13 10:13:39 -07:00
command_exec.rs Use a private desktop for Windows sandbox instead of Winsta0\Default (#14400) 2026-03-13 10:13:39 -07:00
config_api.rs Add plugin usage telemetry (#14531) 2026-03-12 19:22:30 -07:00
dynamic_tools.rs app-server: Replay pending item requests on thread/resume (#12560) 2026-02-27 12:45:59 -08:00
error_code.rs Enforce user input length cap (#12823) 2026-02-25 22:23:51 -08:00
external_agent_config_api.rs Support external agent config detect and import (#12660) 2026-02-25 02:11:51 -08:00
filters.rs feat: add nick name to sub-agents (#12320) 2026-02-20 14:39:49 +00:00
fuzzy_file_search.rs [app-server] add fuzzyFileSearch/sessionCompleted (#11773) 2026-02-13 15:08:14 -08:00
in_process.rs feat(app-server): propagate traces across tasks and core ops (#14387) 2026-03-11 20:18:31 -07:00
lib.rs Handle malformed agent role definitions nonfatally (#14488) 2026-03-12 11:20:31 -07:00
main.rs feat: pass helper executable paths via Arg0DispatchPaths (#12719) 2026-02-24 17:44:38 -08:00
message_processor.rs Add plugin usage telemetry (#14531) 2026-03-12 19:22:30 -07:00
models.rs Add model availability NUX metadata (#12972) 2026-02-26 22:02:57 -08:00
outgoing_message.rs feat(app-server): propagate traces across tasks and core ops (#14387) 2026-03-11 20:18:31 -07:00
server_request_error.rs app-server: Replay pending item requests on thread/resume (#12560) 2026-02-27 12:45:59 -08:00
thread_state.rs Preserve persisted thread git info in resume (#13504) 2026-03-04 17:16:43 -08:00
thread_status.rs app-server: Silence thread status changes caused by thread being created (#13079) 2026-03-03 00:52:28 +00:00
transport.rs chore(app-server): stop emitting codex/event/ notifications (#14392) 2026-03-12 00:45:20 +00:00