Does it make sense to sandbox 7-Zip/PeaZip? #3688
-
There have been attacks on parsers, which is why I sandbox the image viewer, for example. Archive extractors are not immune to attacks on their parser(s) and other components, so it could be argued that one can gain something by sandboxing them. However, as far as I know, anything that runs in the context of the tool will have the same capabilities to access the host when the sandbox is configured to allow arbitrary file access. I sandboxed a download manager, giving access to its download folder and configuration, since I did not want to recover the files. The risk is that it might delete the files or could modify them to infect them, and when I handle them without a sandbox the system could be infected. The latter is still true if I recover them to handle them outside a sandbox. So far, I have not sandboxed an archive extractor, although I have opened archives and extracted files in a sandbox, either to recover them or to run them in a sandbox. If I did that, I'd restrict access to the folders where I expect to extract files to, like the download folder or another user folder. Anyone with more insight, please enlighten us, whenever a sandboxed archive extractor would be safer, if configured how the initial post describes.
-
A bit off-topic, but I don't want to make yet another topic/thread. I haven't been able to use ForceProcess with 7-Zip (7zFM.exe and 7zG.exe). It doesn't, and neither do Notepad++, SumatraPDF, and Tixati, and yet they all start just fine if you use the Sandboxie context menu... Why is that?
-
I'm a little fuzzy about the risks of zip files, executables/self-executing archives, and archive managers. Does it make sense to sandbox managers like 7-Zip or PeaZip?
(the idea would be to allow it to extract/write files to arbitrary directories, but the sandbox would contain any malicious code that was executed just by viewing/extracting an archive with PeaZip. But is that even something I need to be worried about?)