Audit Windows Sandbox Policies Following Codex Permission Handling Fixes
OpenAI · Developer Tools · · notable
Briefing for: Security & Risk
What happened
Codex v0.120.0 addresses vulnerabilities and functional gaps in the Windows elevated sandbox, specifically for split filesystem policies and symlinked writable roots. It also improves remote connection security by properly initializing the Rustls crypto provider.
Why it matters
Incorrect sandbox permission handling can lead to either service failure or unintentional data access. These fixes ensure that read-only carveouts under writable roots are properly respected, which is critical for maintaining data integrity when agents perform file-level operations.
What this enables
- If you perform security audits on AI tooling, verify that your Windows filesystem policies align with the new 'elevated vs restricted-token' sandbox split documented in the README.
- If your agents interact with sensitive local data, test the updated sandbox to ensure symlinked writable roots do not bypass intended restrictions.
Get personalized AI briefings for your role at Changecast →