Robert Hurlbut's Blog

Thoughts on .NET, Security, Architecture, Agility, and Databases.

This Blog

Syndication

Search

Navigation

.NET User Groups in New England

Blogs - .NET

Blogs - Agile

Sam Gentile

Blogs - Architecture

Blogs - CLR

Blogs - Security

Blogs - SQL Server

Blogs - System.Transactions

Enterprise Services (COM+) Resources

A Roadmap to EnterpriseServices

Indigo Resources

WinFx Beta 1 RC SDK

Microsoft Security Resources

Presentation resources

Recommended Books

Rotor Resources

Security Resources

Tree Surgeon - very nice tool, but security issues

Aaron showed me this new tool last night called Tree Surgeon written by Mike Roberts, and like he said, I nearly fell out of my chair! It looks fantastic! It is an open source product that creates a .NET Development Tree similar to what I have pointed to before on Mike's blog.

I really like the NUnit and NAnt folders that are created for you, as well as all the starter unit tests, NAnt tasks, Subversion client files that are described in Mike's excellent set of articles on setting up a new development tree. It can and will save a lot of time in going through the process.

I am not, though, very happy with the installation of the product. The first thing I do, as I normally do as a NON-ADMINISTRATOR on my machine, is use RunAs (invoking an application as another user -- in this case, an Administrator) to call the installation program. After installation, I don't see any program groups for my LIMITED USER. OK. So, then I fire up Aaron Margosis' excellent script MakeMeAdmin to temporarily add my LEAST PRIVILEGED USER account into the Administrator group to try to get the Program Group and other files associated with my NORMAL USER ACCOUNT. After the second attempt, I see the Program Group has been created, and it asks if I want to create a new development tree. I give it a name, and here is what I get:

Starting Tree Generation for SampleProject
Unhandled Exception thrown. Details follow:
Access to the path "C:\Program Files\Tree Surgeon\SampleProject" is denied.

If you have followed me so far, this is NOT good! Never, ever, ever, ever write to Program Files after installation. Don't do it. Learn it now as a .NET developer (a Windows developer really) -- use Isolated Storage or ask the user where they want to place data, but don't ever default to writing to Program Files. This is like writing to System32 or a Unix root directory -- just say no.

So, having gone through that, I did restart the tool using my temporary Administrator account, got my tree created, and moved it to another location. I am hoping the security-related install issues will be fixed in the next release.

Published Wednesday, April 06, 2005 8:09 AM by RHurlbut

Filed under: .NET, Security, Extreme Programming, Architecture/Patterns, Personal

Comments

# re: Tree Surgeon - very nice tool, but security issues@ Wednesday, April 06, 2005 8:17 AM

I completely agree with you here. There _MUST_ be a way to specify where the new directory structure is placed. This will be the reason why I don't fall in love with this tool.

by Aaron Weiker

# Tree Surgeon - Must Have@ Wednesday, April 06, 2005 8:31 AM

by TrackBack

# re: Tree Surgeon - very nice tool, but security issues@ Wednesday, April 06, 2005 9:46 AM

It's open source, right? We can hack it up.

by Darrell

# re: Tree Surgeon - very nice tool, but security issues@ Wednesday, April 06, 2005 10:45 AM

If it is truly "open", yes. :)

by Robert Hurlbut

# re: Tree Surgeon - very nice tool, but security issues@ Thursday, April 07, 2005 8:42 AM

Hi all,

Default output is now to My Documents. Grab the latest build from:

http://ccnetlive.thoughtworks.com/TreeSurgeon-builds/1_0_0_60/

I won't be following this comment thread, but please feel free to email the user's list.

by Mike Roberts

# re: Tree Surgeon - very nice tool, but security issues@ Thursday, April 07, 2005 1:38 PM

Thanks Mike!