Plugin Versioning Woes?

Bert Freudenberg bert at isg.cs.uni-magdeburg.de
Thu May 3 23:23:23 UTC 2001


On Thu, 3 May 2001, Raab, Andreas wrote:

> > I downloaded the image now. It doesn't even start. The
> > problem is it tries to "assure" the default directory
> > in FileDir>>startUp. It does so by walking up the dir
> > tree and looking if the directory exists. Which is of
> > course forbidden in the file sandbox -> BOOM. How can this
> > work on other platforms?
>
> The sandbox is not established until untrusted content is coming in.
> Thus, as long as we haven't loaded anything there's no reason to
> forbid file access or similar.

Well, call me paranoid or something, but I always run Squeak in secure
mode. There's a handy environment variable for this. I don't want Squeak
(or any other program) to create directories without asking. Setting up a
suitable directory structure is the installer's responsibility. Do we
really need to do this in the image?

> The mechanisms required are implemented by SecurityManager (and the
> associated SecurityPlugin which is required for the Squeakland image
> to work).

Aha, my VM doesn't have the SecurityManager prims yet. Did someone
implement these for Unix yet? If not, is it obvious how to implement
them?

> BTW, this also means that if you're running a Squeakland image with
> content that doesn't come in through the browser (e.g., a project sent
> per email) the same restrictions apply, e.g., no matter how you try to
> load a project if it's untrusted you'll end up in the sandbox (which
> is good).

This is good, indeed, but applies to projects only, not to other "active
contents" I might receive from others.

-- Bert




