[Squeakland] Squeak fails to run after install: security problems?
Simon Guest
simon.guest at tesujimath.org
Wed Feb 7 13:12:11 PST 2007
At Wed, 7 Feb 2007 14:40:58 +0900 (JST),
korakurider wrote:
>
> > Here's the problem. On WinXP, I install it as
> > administrator.
> Could you confirm if Squeak run as administrator?
Sorry, of course I should have tried this already. Yes it works fine
as administrator.
>
> > As soon as I try to run as a normal user, it fails ("a
> primitive has failed",
> > although the error message is in German).
> In squeakland image, "the security plugin" is enabled
> by default. Each user have his own crypt key file
> "squeak.keys" located in folder
> "C:\program files\squeak\plugin\(username)".
> The folder and file are created on first run of the
> user. Your "normal user" might not be able to create
> them.
>
> A workaround is to arrange other location for them by
> "SecureDirectory" setting in Squeak.INI, that is located
> in same folder as squeak.exe. The documentation for the
> INI file is:
> http://wiki.squeak.org/squeak/3274 .
I changed the location of the UserDirectory and the SecureDirectory in
the squeak.ini file to point into my profile, like this:
[Security]
UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory
This causes it all to work just fine as a normal user (sjg). Thanks
for the suggestion.
However, I note that environment variables are not supported in the
SecureDirectory, so it's not actually possible to set this to
different directories for different users, which would be ideal. I
had a quick look at the file sqWin32Security.c in the VM source code.
Lines 226-230 (in the latest version) do this:
/* Expand any environment variables in user directory. */
dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
if(dwSize > 0 && dwSize < MAX_PATH)
strcpy(untrustedUserDirectory, tmp);
but there is no corresponding line for the SecureDirectory.
Could I suggest a similar thing be done as this? Otherwise it is not
in fact possible, I think, to easily set up Squeak to run for
different users from the same installation.
I'm still investigating the effect of sharing an image file between
different users, and whether I need to address this as well.
Thanks to all for the help so far.
cheers,
Simon
More information about the Squeakland
mailing list