[Squeakland] Squeak fails to run after install: security problems?

Markus Schlager m.slg at gmx.de
Sat Feb 10 15:39:45 PST 2007 

On Wed, 7 Feb 2007, Simon Guest wrote:

> >    A workaround is to arrange other location for them by
> > "SecureDirectory" setting in Squeak.INI, that is located
> > in same folder as squeak.exe.  The documentation for the
> > INI file is:
> > http://wiki.squeak.org/squeak/3274 .
> 
> I changed the location of the UserDirectory and the SecureDirectory in
> the squeak.ini file to point into my profile, like this:
> 
> [Security]
> UserDirectory=%USERPROFILE%\Application Data\Squeak\UserDirectory
> SecureDirectory=C:\Documents and Settings\sjg\Application Data\Squeak\SecureDirectory
> 
> This causes it all to work just fine as a normal user (sjg).  Thanks
> for the suggestion. 
> 
> However, I note that environment variables are not supported in the
> SecureDirectory, so it's not actually possible to set this to
> different directories for different users, which would be ideal.  I
> had a quick look at the file sqWin32Security.c in the VM source code.
> Lines 226-230 (in the latest version) do this:
> 
>   /* Expand any environment variables in user directory. */
>   dwSize = ExpandEnvironmentStrings(untrustedUserDirectory, tmp, MAX_PATH-1);
>   if(dwSize > 0 && dwSize < MAX_PATH)
>     strcpy(untrustedUserDirectory, tmp);
> 
> but there is no corresponding line for the SecureDirectory.  
> Could I suggest a similar thing be done as this?  Otherwise it is not
> in fact possible, I think, to easily set up Squeak to run for
> different users from the same installation.
> 

Running  squeak on Linux-machines, I'd apprechiate such a solution, too. 
For the moment I'm using forced symbolic links, which works, but is 
complicated, since the computers at our school are so-called 
multiseat-systems, whence up to four users are using the same image 
simultaniously at the same time.

> I'm still investigating the effect of sharing an image file between
> different users, and whether I need to address this as well.

No problem with this on Linux - in my case, the image-file is 
write-protected.

Markus
-----------------------------------------------
 Markus Schlager               m.slg(at)gmx.de

More information about the Squeakland mailing list