[Squeakland] Squeak fails to run after install: security problems?
Markus Schlager
m.slg at gmx.de
Sat Feb 10 15:39:45 PST 2007
On Wed, 7 Feb 2007, Simon Guest wrote:
> > A workaround is to arrange other location for them by
> > "SecureDirectory" setting in Squeak.INI, that is located
> > in same folder as squeak.exe. The documentation for the
> > INI file is:
> > http://wiki.squeak.org/squeak/3274 .
>
> I changed the location of the UserDirectory and the SecureDirectory in
> the squeak.ini file to point into my profile, like this:
>
> [Security]
> UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
> SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory
>
> This causes it all to work just fine as a normal user (sjg). Thanks
> for the suggestion.
>
> However, I note that environment variables are not supported in the
> SecureDirectory, so it's not actually possible to set this to
> different directories for different users, which would be ideal. I
> had a quick look at the file sqWin32Security.c in the VM source code.
> Lines 226-230 (in the latest version) do this:
>
> /* Expand any environment variables in user directory. */
> dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
> if(dwSize > 0 && dwSize < MAX_PATH)
> strcpy(untrustedUserDirectory, tmp);
>
> but there is no corresponding line for the SecureDirectory.
> Could I suggest a similar thing be done as this? Otherwise it is not
> in fact possible, I think, to easily set up Squeak to run for
> different users from the same installation.
>
Running squeak on Linux-machines, I'd apprechiate such a solution, too.
For the moment I'm using forced symbolic links, which works, but is
complicated, since the computers at our school are so-called
multiseat-systems, whence up to four users are using the same image
simultaniously at the same time.
> I'm still investigating the effect of sharing an image file between
> different users, and whether I need to address this as well.
No problem with this on Linux - in my case, the image-file is
write-protected.
Markus
-----------------------------------------------
Markus Schlager m.slg(at)gmx.de
More information about the Squeakland
mailing list