[squeak-dev] Sandboxing (was: ZipArchive: "Error: can't find EOCD position")

Bert Freudenberg bert at freudenbergs.de
Fri Jul 25 12:08:02 UTC 2014

On 25.07.2014, at 12:48, David T. Lewis <lewis at mail.msen.com> wrote:

> On Fri, Jul 25, 2014 at 12:34:24AM -0700, Marcel Taeumel wrote:
>> Speaking of strange observations in the trunk image: What are those two
>> directories?
>> Trusted Dir C:\Tools\squeak_trunk\Marcel
>> Untrusted Dir C:\Users\Marcel\Documents\My Squeak 
>> Those are listed in the system reporter. Both leaf folders do *not* exist.
> The "My Squeak" folder is something related to Etoys. I do not see any references
> to it in the image, aside from a class comment in EToysLauncher. But I am running
> on Linux, so maybe I am missing something that shows up on your Windows platform?
> Dave

This comes from the SecurityPlugin which implements file sandboxing. In most images it is unused (although it would make a lot of sense, especially in servers). Etoys uses it because it regularly executes untrusted code (projects authored by other users, which can contain arbitrary Squeak code).

The actual folder is provided by the VM settings (Squeak.ini on Windows, Info.plist on Mac OS, env vars on Unix):

	SecurityManager default secureUserDirectory
	==> '/Users/bert/Library/Application Support/Etoys'

This is a folder inaccessible by untrusted content. It contains preferences and private crypto keys in Etoys.

	SecurityManager default untrustedUserDirectory
	==> '/Users/bert/Documents/Etoys'

This is the sandbox folder, the only folder accessible by untrusted code. Before executing any untrusted (unsigned) code, the VM sandbox is enabled, which prevents all file primitives from accessing anything outside this folder. Once enabled, there is no way to disable the sandbox again. Only on the next start will it be disabled.

- Bert -
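Added example, not code from Squeak, Etoys or this thread: a small Python model of the policy Bert describes (two VM-supplied directories, a containment check on every file primitive, and an enable latch that cannot be undone in-process). The class name and the constructed directory paths are assumptions standing in for the VM's Squeak.ini / Info.plist / env-var settings.

```python
import os


class FileSandbox:
    """Model of the Etoys/Squeak file-sandbox policy (constructed, not the VM's code).

    secure_dir    - preferences and private keys; must never be reachable once sandboxed
    untrusted_dir - the only tree untrusted (unsigned) code may touch
    """

    def __init__(self, secure_dir: str, untrusted_dir: str) -> None:
        self.secure_dir = os.path.realpath(secure_dir)
        self.untrusted_dir = os.path.realpath(untrusted_dir)
        self._enabled = False
        # Misconfiguration check: if the secure directory sat inside the sandbox
        # tree, the sandbox would not protect the keys at all.
        if os.path.commonpath([self.secure_dir, self.untrusted_dir]) == self.untrusted_dir:
            raise ValueError("secure directory must lie outside the untrusted directory")

    @property
    def enabled(self) -> bool:
        return self._enabled

    def enable(self) -> None:
        """Called before any untrusted code runs; from here on only untrusted_dir is reachable."""
        self._enabled = True

    def disable(self) -> bool:
        """One-way latch: always refused. Only a VM restart clears the sandbox."""
        return False

    def allows(self, path: str) -> bool:
        """The check every file primitive runs.

        Before enable() everything is permitted. Afterwards the path's canonical
        form must lie inside untrusted_dir. realpath() resolves '..' and symlinks,
        and commonpath() (not a string prefix) stops 'Etoys-other' from matching 'Etoys'.
        """
        if not self._enabled:
            return True
        real = os.path.realpath(path)
        return os.path.commonpath([real, self.untrusted_dir]) == self.untrusted_dir


def demo() -> dict:
    """Walk the policy with constructed paths; returns each probe's verdict."""
    sb = FileSandbox("/home/bert/Library/Application Support/Etoys",
                     "/home/bert/Documents/Etoys")
    before = sb.allows("/home/bert/Library/Application Support/Etoys/keys")
    sb.enable()
    return {
        "keys_before_enable": before,
        "project_in_sandbox": sb.allows("/home/bert/Documents/Etoys/project.pr"),
        "keys_after_enable": sb.allows("/home/bert/Library/Application Support/Etoys/keys"),
        "dotdot_escape": sb.allows("/home/bert/Documents/Etoys/../../Library/x"),
        "sibling_prefix": sb.allows("/home/bert/Documents/Etoys-other/x"),
        "disable_honoured": sb.disable(),
        "still_enabled": sb.enabled,
    }
```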
