View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003702 | MMW v4 | Framework: Scripts/Extensions | public | 2007-10-02 13:20 | 2010-10-09 00:36 |
| Reporter | jiri | Assigned To | |||
| Priority | urgent | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 3.0 | ||||
| Fixed in Version | 4.0 | ||||
| Summary | 0003702: Extensions: Cleanup/Support for non-Admin installation of plugins | ||||
| Description | One of our users (and also a script author) reports that he can't install Extensions at all, it seems to fail in every case - but without any meaningful error message. Extensions source should be improved, so that some probablems are reported and so user does know what's going on. This is an issue for Vista and Windows 7 | ||||
| Additional Information | http://www.mediamonkey.com/support/staff/index.php?_m=tickets&_a=viewticket&ticketid=2673 http://www.mediamonkey.com/forum/viewtopic.php?f=6&t=37531 http://www.mediamonkey.com/forum/viewtopic.php?f=6&t=36082 | ||||
| Tags | No tags attached. | ||||
| Fixed in build | 1300 | ||||
|
|
To further clarify: The error the user always gets is: 'Product installation error.' |
|
|
Fixed in build 1085. |
|
|
Fixed in build 1085. |
|
|
The user clarified that the problem is when he tries to run MM without Administrative rights - it probably can't write to {Program files} folder then. In order to fix this, we have to add support for Vista 'elevation' feature, so that user can give MM chance to do necessary stuff. This is non-trivial though... A good description of the problem is here: http://channel9.msdn.com/Showpost.aspx?postid=209647 |
|
|
Per discussion--we'll defer this to 3.01 to: 1) improve the error message (if necessary) 2) fix the issue |
|
|
As each MMIP while installing needs to have access to "c:\Documents and Settings\All Users\Application Data\MediaMonkey\"(Win XP) and "c:\Users\All Users\MediaMonkey\" (Vista). Under Vista that folder is considered System folder and it is locked by UAC. For more info See http://lists.runrev.com/pipermail/use-revolution/2007-February/094217.html I wonder If Complete Switch to User Installation Would Solve all issues: - Using CSIDL_APPDATA (for all native scripts that come with MM installation and User Installed Skins including MM.DB and MediaMonkey.ini due to portability) - Using CSIDL_LOCAL_APPDATA (for extensions.ini and all Installed Scripts) MSDN Reference http://msdn.microsoft.com/en-us/library/ms995853.aspx I'm suggesting that this kind of Approach should Increase MediaMonkey Security and safety apron to Malware Applications, trojans, spywares, ... |
|
|
Reminder sent to: jiri, Ludek, petr, rusty That issue raised another security issue I have been talked with Petr on IM. MM currently is not safest Application and can be exploited very very easily thrum scripting. |
|
|
This is a very common complaint in the forums. Anything we can do for 3.1? |
|
|
I don't see anything we could do easily about this issue, for 4.0 we should completely redesign installation of scripts. |
|
|
I agree with Jiri, there are lots of holes that needs to be corrected. |
|
|
For now things that we need to look after: - Using Non Limited folder but not so easy accessible (like Registering only MM class to access the folder similar to Windows XP/Vista/7 "System Volume Information" system folder where Windows Restore points are saved where admins need to manually change access right and add themselves to allowed list). - Authentication of registered/signed plugins (similar how firefox handles it) - Better Update/Compatibility Checking - Secure access warning/limitations |
|
|
Resolved in build 1300. Resolved by resolving issue 0004912 where we added ability to install scripts to the current user's folders only. |
|
|
Verified 1314 |
