[Squeakland] Squeak fails to run after install: security problems?

Simon Guest simon.guest at tesujimath.org
Wed Feb 7 13:12:11 PST 2007

At Wed, 7 Feb 2007 14:40:58 +0900 (JST),
korakurider  wrote:
> > Here's the problem.  On WinXP, I install it as
> > administrator.
>    Could you confirm if Squeak run as administrator?

Sorry, of course I should have tried this already.  Yes it works fine
as administrator.

> > As soon as I try to run as a normal user, it fails ("a
> primitive has failed",
> > although the error message is in German).
>    In squeakland image, "the security plugin" is enabled
> by default.  Each user have his own crypt key file
> "squeak.keys" located in folder
> "C:\program files\squeak\plugin\(username)".
>    The folder and file are created on first run of the
> user.  Your "normal user" might not be able to create
> them.
>    A workaround is to arrange other location for them by
> "SecureDirectory" setting in Squeak.INI, that is located
> in same folder as squeak.exe.  The documentation for the
> INI file is:
> http://wiki.squeak.org/squeak/3274 .

I changed the location of the UserDirectory and the SecureDirectory in
the squeak.ini file to point into my profile, like this:

UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory

This causes it all to work just fine as a normal user (sjg).  Thanks
for the suggestion. 

However, I note that environment variables are not supported in the
SecureDirectory, so it's not actually possible to set this to
different directories for different users, which would be ideal.  I
had a quick look at the file sqWin32Security.c in the VM source code.
Lines 226-230 (in the latest version) do this:

  /* Expand any environment variables in user directory. */
  dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
  if(dwSize > 0 && dwSize < MAX_PATH)
    strcpy(untrustedUserDirectory, tmp);

but there is no corresponding line for the SecureDirectory.  
Could I suggest a similar thing be done as this?  Otherwise it is not
in fact possible, I think, to easily set up Squeak to run for
different users from the same installation.

I'm still investigating the effect of sharing an image file between
different users, and whether I need to address this as well.

Thanks to all for the help so far.


More information about the Squeakland mailing list