feat: add restricted token sandbox for Windows (#206)

* feat: add restricted token sandbox for Windows

Author: domcyrus

Cargo.toml

@@ -58,6 +58,7 @@ windows = { version = "0.62", features = [
     "Win32_NetworkManagement_Ndis",
     "Win32_Networking_WinSock",
     "Win32_Security",
+    "Win32_System_JobObjects",
     "Win32_System_LibraryLoader",
     "Win32_System_Threading",
 ] }

SECURITY.md

@@ -7,6 +7,7 @@ RustNet processes untrusted network data, making defense-in-depth security criti
 - [Landlock Sandboxing (Linux)](#landlock-sandboxing-linux)
 - [Seatbelt Sandboxing (macOS)](#seatbelt-sandboxing-macos)
 - [FreeBSD Sandboxing](#freebsd-sandboxing)
+- [Restricted Token Sandboxing (Windows)](#restricted-token-sandboxing-windows)
 - [Privilege Requirements](#privilege-requirements)
 - [Read-Only Operation](#read-only-operation)
 - [No External Communication](#no-external-communication)
@@ -121,6 +122,46 @@ On Linux, clipboard requires access to Wayland sockets (`/run/user/UID/wayland-0
 
 FreeBSD does not currently have sandboxing enabled. A full Capsicum sandbox using `cap_enter()` with `libcasper` for privileged process lookup is planned — see [ROADMAP.md](ROADMAP.md) for details.
 
+## Restricted Token Sandboxing (Windows)
+
+On Windows, RustNet removes dangerous privileges from the process token and applies a Job Object to prevent child process creation after initialization.
+
+### What Gets Restricted
+
+| Restriction | Description |
+|-------------|-------------|
+| Privilege removal | SeDebugPrivilege, SeTakeOwnershipPrivilege, SeBackupPrivilege, SeRestorePrivilege, and other dangerous privileges permanently removed |
+| Child processes | Job Object blocks creation of child processes (reverse shell, exec-based exfiltration) |
+
+### How It Works
+
+1. **Initialization phase**: RustNet opens Npcap handles and creates log files
+2. **Privilege removal**: `AdjustTokenPrivileges` with `SE_PRIVILEGE_REMOVED` permanently strips dangerous privileges from the process token
+3. **Job Object**: A Job Object with `JOB_OBJECT_LIMIT_ACTIVE_PROCESS = 1` is applied, preventing any child process creation
+
+### Security Benefits
+
+If an attacker exploits a vulnerability in DPI/packet parsing:
+- Cannot debug other processes (SeDebugPrivilege removed)
+- Cannot take ownership of arbitrary files (SeTakeOwnershipPrivilege removed)
+- Cannot bypass ACLs to read files (SeBackupPrivilege removed)
+- Cannot spawn child processes (cmd.exe, powershell.exe, curl.exe — blocked by Job Object)
+- Cannot load kernel drivers (SeLoadDriverPrivilege removed)
+
+### Limitations
+
+Windows sandboxing is weaker than Linux/macOS/FreeBSD:
+- No filesystem restriction — Windows lacks a process-wide filesystem sandbox equivalent to Landlock or Seatbelt
+- No network restriction — blocking outbound would break Npcap packet capture
+- Privilege removal only affects privileges the elevated process held
+
+### CLI Options
+
+```
+--no-sandbox        Disable privilege removal and job object
+--sandbox-strict    Require full sandbox enforcement or exit
+```
+
 ## Privilege Requirements
 
 RustNet requires privileged access for packet capture:

src/app.rs

@@ -45,13 +45,18 @@ use std::sync::{LazyLock, Mutex};
 /// Sandbox status information for UI display
 #[cfg(any(
     target_os = "linux",
+    target_os = "windows",
     all(target_os = "macos", feature = "macos-sandbox")
 ))]
 #[derive(Debug, Clone, Default)]
 pub struct SandboxInfo {
     /// Overall status description
     pub status: String,
     /// Whether network connections are blocked
+    #[cfg(any(
+        target_os = "linux",
+        all(target_os = "macos", feature = "macos-sandbox")
+    ))]
     pub net_restricted: bool,
     // Linux-specific fields (Landlock + capabilities)
     /// Whether CAP_NET_RAW was dropped
@@ -73,6 +78,16 @@ pub struct SandboxInfo {
     /// Whether filesystem write restrictions are applied
     #[cfg(all(target_os = "macos", feature = "macos-sandbox"))]
     pub fs_restricted: bool,
+    // Windows-specific fields (Restricted token + Job Object)
+    /// Whether dangerous privileges were removed
+    #[cfg(target_os = "windows")]
+    pub privileges_removed: bool,
+    /// Number of privileges removed
+    #[cfg(target_os = "windows")]
+    pub privileges_removed_count: u32,
+    /// Whether job object was applied
+    #[cfg(target_os = "windows")]
+    pub job_object_applied: bool,
 }
 
 /// Process detection status information for UI display
@@ -455,9 +470,10 @@ pub struct App {
     /// GeoIP resolver for location/ASN lookups
     geoip_resolver: Option<Arc<GeoIpResolver>>,
 
-    /// Sandbox status (Linux Landlock / macOS Seatbelt)
+    /// Sandbox status (Linux Landlock / macOS Seatbelt / Windows restricted token)
     #[cfg(any(
         target_os = "linux",
+        target_os = "windows",
         all(target_os = "macos", feature = "macos-sandbox")
     ))]
     sandbox_info: Arc<RwLock<SandboxInfo>>,
@@ -563,6 +579,7 @@ impl App {
             geoip_resolver,
             #[cfg(any(
                 target_os = "linux",
+                target_os = "windows",
                 all(target_os = "macos", feature = "macos-sandbox")
             ))]
             sandbox_info: Arc::new(RwLock::new(SandboxInfo::default())),
@@ -1767,6 +1784,7 @@ impl App {
     /// Get sandbox status information
     #[cfg(any(
         target_os = "linux",
+        target_os = "windows",
         all(target_os = "macos", feature = "macos-sandbox")
     ))]
     pub fn get_sandbox_info(&self) -> SandboxInfo {
@@ -1779,6 +1797,7 @@ impl App {
     /// Set sandbox status information
     #[cfg(any(
         target_os = "linux",
+        target_os = "windows",
         all(target_os = "macos", feature = "macos-sandbox")
     ))]
     pub fn set_sandbox_info(&self, info: SandboxInfo) {

src/cli.rs

@@ -140,6 +140,7 @@ pub fn build_cli() -> Command {
 
     #[cfg(any(
         target_os = "linux",
+        target_os = "windows",
         all(target_os = "macos", feature = "macos-sandbox")
     ))]
     let cmd = cmd

src/main.rs

@@ -134,15 +134,19 @@ fn main() -> Result<()> {
     // This must be done BEFORE Landlock is applied so the file exists when adding rules
     if let Some(ref pcap_path) = config.pcap_export_file {
         let jsonl_path = format!("{}.connections.jsonl", pcap_path);
-        if let Err(e) = std::fs::File::create(&jsonl_path).and_then(|f| {
-            #[cfg(unix)]
-            {
-                use std::os::unix::fs::PermissionsExt;
-                f.set_permissions(std::fs::Permissions::from_mode(0o600))?;
+        match std::fs::File::create(&jsonl_path) {
+            Ok(_f) => {
+                #[cfg(unix)]
+                {
+                    use std::os::unix::fs::PermissionsExt;
+                    if let Err(e) = _f.set_permissions(std::fs::Permissions::from_mode(0o600)) {
+                        warn!("Failed to set sidecar JSONL file permissions: {}", e);
+                    }
+                }
+            }
+            Err(e) => {
+                warn!("Failed to pre-create sidecar JSONL file: {}", e);
             }
-            Ok(f)
-        }) {
-            warn!("Failed to pre-create sidecar JSONL file: {}", e);
         }
     }
 
@@ -342,6 +346,65 @@ fn main() -> Result<()> {
         }
     }
 
+    // Apply restricted token sandbox (Windows only)
+    // This must be done AFTER app.start() because:
+    // - Npcap handles need to be opened first
+    // - Log files need to be created first
+    #[cfg(target_os = "windows")]
+    {
+        use network::platform::sandbox::{
+            SandboxConfig, SandboxMode, SandboxStatus, apply_sandbox,
+        };
+
+        let sandbox_mode = if matches.get_flag("no-sandbox") {
+            SandboxMode::Disabled
+        } else if matches.get_flag("sandbox-strict") {
+            SandboxMode::Strict
+        } else {
+            SandboxMode::BestEffort
+        };
+
+        let sandbox_config = SandboxConfig { mode: sandbox_mode };
+
+        match apply_sandbox(&sandbox_config) {
+            Ok(result) => {
+                let status_str = match result.status {
+                    SandboxStatus::FullyEnforced => {
+                        info!("Windows sandbox fully enforced: {}", result.message);
+                        "Fully enforced"
+                    }
+                    SandboxStatus::PartiallyEnforced => {
+                        warn!("Windows sandbox partially enforced: {}", result.message);
+                        "Partially enforced"
+                    }
+                    SandboxStatus::NotApplied => {
+                        warn!("Windows sandbox not applied: {}", result.message);
+                        "Not applied"
+                    }
+                };
+
+                app.set_sandbox_info(app::SandboxInfo {
+                    status: status_str.to_string(),
+                    privileges_removed: result.privileges_removed,
+                    privileges_removed_count: result.privileges_removed_count,
+                    job_object_applied: result.job_object_applied,
+                });
+            }
+            Err(e) => {
+                if sandbox_mode == SandboxMode::Strict {
+                    return Err(e.context("Windows sandbox enforcement required but failed"));
+                }
+                warn!("Windows sandbox error (non-strict mode): {}", e);
+                app.set_sandbox_info(app::SandboxInfo {
+                    status: "Error".to_string(),
+                    privileges_removed: false,
+                    privileges_removed_count: 0,
+                    job_object_applied: false,
+                });
+            }
+        }
+    }
+
     // Run the UI loop
     let res = run_ui_loop(&mut terminal, &app);
 

src/network/capture.rs

@@ -523,19 +523,18 @@ mod tests {
     fn test_udp_routing_resolution_can_execute() {
         // Sanity-check test to ensure the OS handles UDP metric routing cleanly.
         // It's perfectly fine if this fails in hermetic CI environments without outbound routes.
-        if let Ok(socket) = std::net::UdpSocket::bind("0.0.0.0:0") {
-            if socket.connect("8.8.8.8:53").is_ok() {
-                if let Ok(addr) = socket.local_addr() {
-                    assert!(
-                        !addr.ip().is_loopback(),
-                        "Active routed IP should not be loopback"
-                    );
-                    assert!(
-                        !addr.ip().is_unspecified(),
-                        "Active routed IP should not be unspecified"
-                    );
-                }
-            }
+        if let Ok(socket) = std::net::UdpSocket::bind("0.0.0.0:0")
+            && socket.connect("8.8.8.8:53").is_ok()
+            && let Ok(addr) = socket.local_addr()
+        {
+            assert!(
+                !addr.ip().is_loopback(),
+                "Active routed IP should not be loopback"
+            );
+            assert!(
+                !addr.ip().is_unspecified(),
+                "Active routed IP should not be unspecified"
+            );
         }
     }
 }

src/network/platform/mod.rs

@@ -115,7 +115,9 @@ pub use macos::sandbox;
 #[cfg(target_os = "macos")]
 pub use macos::{MacOSStatsProvider, create_process_lookup};
 #[cfg(target_os = "windows")]
-pub use windows::{WindowsProcessLookup, WindowsStatsProvider, create_process_lookup};
+pub use windows::sandbox;
+#[cfg(target_os = "windows")]
+pub use windows::{WindowsStatsProvider, create_process_lookup};
 
 /// Trait for platform-specific process lookup
 pub trait ProcessLookup: Send + Sync {

src/network/platform/windows/mod.rs

@@ -2,6 +2,7 @@
 
 mod interface_stats;
 mod process;
+pub mod sandbox;
 
 pub use interface_stats::WindowsStatsProvider;
 pub use process::WindowsProcessLookup;