(defun _SFSP+ ( lst / str )
(setenv "ACAD"
(strcat (setq str (vl-string-right-trim ";" (getenv "ACAD"))) ";"
(apply 'strcat
(mapcar (function (lambda ( x ) (strcat x ";")))
(vl-remove-if
(function
(lambda ( x )
(or (vl-string-search (strcase x) (strcase str))
(not (findfile x))
)
)
)
(mapcar
(function
(lambda ( x )
(vl-string-right-trim "\\" (vl-string-translate "/" "\\" x))
)
)
lst
)
)
)
)
)
)
)
(_SFSP+ '("F:"))
(_SFSP+ '("F:\\ACAD\\acad2009"))
(_SFSP+ '("F:\\ACAD\\acad2009\\lisp"))
(_SFSP+ '("F:\\ACAD\\acad2009\\menu"))
(_SFSP+ '("F:\\ACAD\\acad2009\\menu\\bmp"))
(_SFSP+ '("F:\\ACAD\\acad2009\\dcl"))
(_SFSP+ '("F:\\ACAD\\acad2009\\scripts"))
(_SFSP+ '("F:\\ACAD\\acad2009\\templates"))
(_SFSP+ '("F:\\ACAD\\acad2009\\hatch pats"))
(_SFSP+ '("F:\\ACAD\\BLOCKS"))
(_SFSP+ '("F:\\ACAD ARCHIVE"))
Replace (getenv "ACAD") with (getvar 'trustedpaths). Also replace (setenv "ACAD" with (setvar 'trustedpaths . I'd think that would do it.
Alternatively you could run your original code and then run (setvar 'trustedpaths (getenv "ACAD")). :-)
When TRUSTEDPATHS includes a folder that ends with \... (backslash and three dots), all of its subfolders are also trusted.
(setvenv 'trustedpaths "F:\\...")
@andrew_nao: Note that my _SFSP+ function accepts a list of multiple support paths, you needn't supply each path in a separate list to be evaluated as separate expressions.
Try (setvar 'secureload 0).
Try (setvar 'secureload 0).
When TRUSTEDPATHS is set to "" (an empty string) or "." (a period), there are no trusted folder paths in addition to the implicitly trusted ones.
To minimize the possibility of loading and executing malicious code, always set the TRUSTEDPATHS system variable to unique, read-only folders where your authorized applications are located. This includes the following file types:
ARX, DBX, CRX, HDI files
LSP, FAS, VLX, MNL, SCR files
.NET assemblies
VBA macros (DVB files)
acad.rx
JavaScript
DLL files
Given that TRUSTEDDOMAINS (http://docs.autodesk.com/ACD/2014/ENU/files/GUID-BA2AE331-A1EB-4617-B321-697D77746545.htm) allows for the * wildcard; mewonders if TRUSTEDPATHS does as well (i.e., trust everything), given that:QuoteWhen TRUSTEDPATHS is set to "" (an empty string) or "." (a period), there are no trusted folder paths in addition to the implicitly trusted ones.
... I don't have 2014 installed here (yet).
Given that TRUSTEDDOMAINS (http://docs.autodesk.com/ACD/2014/ENU/files/GUID-BA2AE331-A1EB-4617-B321-697D77746545.htm) allows for the * wildcard; mewonders if TRUSTEDPATHS does as well (i.e., trust everything), given that:QuoteWhen TRUSTEDPATHS is set to "" (an empty string) or "." (a period), there are no trusted folder paths in addition to the implicitly trusted ones.
... I don't have 2014 installed here (yet).
I tried the wildcard and it did not work.
Also worthy of note, is this line from the TRUSTEDPATHS (http://docs.autodesk.com/ACD/2014/ENU/files/GUID-2FB4611D-F141-48D5-9B6E-460EB59351AF.htm) documentation:QuoteWhen TRUSTEDPATHS includes a folder that ends with \... (backslash and three dots), all of its subfolders are also trusted.
Example:Code: [Select](setvenv 'trustedpaths "F:\\...")
(setvenv 'trustedpaths "A:\\...;B:\\...;C:\\...;D:\\...;E:\\...;F:\\...;G:\\...;H:\\...;I:\\...;J:\\...;K:\\...;L:\\...;M:\\...;N:\\...;O:\\...;P:\\...;Q:\\...;R:\\...;S:\\...;T:\\...; " )
:evil:
Code: [Select](setvenv 'trustedpaths "A:\\...;B:\\...;C:\\...;D:\\...;E:\\...;F:\\...;G:\\...;H:\\...;I:\\...;J:\\...;K:\\...;L:\\...;M:\\...;N:\\...;O:\\...;P:\\...;Q:\\...;R:\\...;S:\\...;T:\\...; " ):evil:
Code: [Select](setvenv 'trustedpaths "A:\\...;B:\\...;C:\\...;D:\\...;E:\\...;F:\\...;G:\\...;H:\\...;I:\\...;J:\\...;K:\\...;L:\\...;M:\\...;N:\\...;O:\\...;P:\\...;Q:\\...;R:\\...;S:\\...;T:\\...; " ):evil:
You read my mind, for if/when the attempt to utilize this new feature becomes intolerable. :kewl:
(defun c:trustall ( / fso lst )
(if (setq fso (vlax-create-object "scripting.filesystemobject"))
(progn
(vl-catch-all-apply
'(lambda ( )
(vlax-for drv (vlax-get fso 'drives)
(setq lst (vl-list* ";" (vlax-get drv 'driveletter) ":\\..." lst))
)
)
)
(vlax-release-object fso)
(setvar 'trustedpaths (apply 'strcat (cdr lst)))
)
)
)
(vl-load-com)
Yeah .. I looked at the securepath option and abandoned. These new security features may be wanted by others .. but not me. :-P
< .... > I think Kerry hit the nail on the head with the permanent ham-fisted solution. < ... >
My post was more in the vein of 'I know this is going to happen' rather than 'I suggest you do this'Funny aint it? Adesk goes and introduces some "security" measure and the very first thing the users are looking for is: "how to break it so we can actually use the damned product"
“You cannot have usability in a security system without sensitivity to the work being done,” said Gonen. “When CISOs focus on assets and technical mechanisms, not on the experience of users in doing their work, systems fail from day one and users immediately start working around approved practices, which increases risk even further.”
Try (setvar 'secureload 0).
also tried that, didnt seem to do anything even setting it to 0 didnt help
anything loading out of the "trustedpaths" path, wont load. (for me anyway)
im also on a 30 day trial as im waiting for my copy to arrive in the mail
nothing i do makes this trustedpaths option work
my files simply wont load unless the paths are in the support file search path
nothing i do makes this trustedpaths option work
my files simply wont load unless the paths are in the support file search path
This requires clarification... How have you been attempting to load your 'files' if not in SFSP?
Specific example would be helpful.
nothing i do makes this trustedpaths option work
my files simply wont load unless the paths are in the support file search path
This requires clarification... How have you been attempting to load your 'files' if not in SFSP?
Specific example would be helpful.
i have my files listed in the support path to make them work, if i list them in trustedpaths they dont work
Code: [Select](setvenv 'trustedpaths "A:\\...;B:\\...;C:\\...;D:\\...;E:\\...;F:\\...;G:\\...;H:\\...;I:\\...;J:\\...;K:\\...;L:\\...;M:\\...;N:\\...;O:\\...;P:\\...;Q:\\...;R:\\...;S:\\...;T:\\...; " ):evil:
nothing i do makes this trustedpaths option work
my files simply wont load unless the paths are in the support file search path
This requires clarification... How have you been attempting to load your 'files' if not in SFSP?
Specific example would be helpful.
i have my files listed in the support path to make them work, if i list them in trustedpaths they dont work
That suggests that your 'load' call does not include the file path where your file is stored.
I haven't done enough testing to observe that TrustedPaths are, or are not included in LISP's Load function's ability to 'find' the file name parameter in SFSP if not specified, for example:Code - Auto/Visual Lisp: [Select]
That said, and since this is not specified in the online help, I suspect that TrustedPaths is used as a second stage filter... Meaning that, in the example of a LISP (not sure what code file(s) you're wanting to load), the file path would need to be qualified in both SFSP (in order to be found), and TrustedPaths (for authorization).
Admittedly, speculation on my part... If someone knows better, please feel free to correct.
ok so far what i got is
secureload 0 allows files to load without issues
and secureload 2 wont allow files to load at all
and secureload 1 loads files but gives a warning
ok so far what i got is
secureload 0 allows files to load without issues
and secureload 2 wont allow files to load at all
and secureload 1 loads files but gives a warning
Seems like all is functioning normally now, so there's no use for the Trust* LISP routines posted previously (which is a good thing, IMO).
Thanks for being willing / able to test that, andrew_nao. Much appreciated.
my script files dont work
in the same directory as my lisps.
the lisp work fine but not my script files...
*sigh*
my script files dont work
in the same directory as my lisps.
the lisp work fine but not my script files...
*sigh*
Not loading, or they're not working (i.e., an error, etc.)?
What are SecureLoad, and TrustedPaths set to (we've discussed several combinations)?
got it working..
spell check
spell check
spell check
spell check
directory paths need to be in BOTH support file search path AND trustedpaths
and securemode set to 2
this will allow files to load from those paths only.
(_sfsp+ '("F:" "F:\\ACAD\\acad2009"
"F:\\ACAD\\acad2009\\lisp" "F:\\ACAD\\acad2009\\menu"
"F:\\ACAD\\acad2009\\menu\\bmp" "F:\\ACAD\\acad2009\\dcl"
"F:\\ACAD\\acad2009\\scripts" "F:\\ACAD\\acad2009\\templates"
"F:\\ACAD\\acad2009\\hatch pats" "F:\\ACAD\\BLOCKS"
"F:\\ACAD ARCHIVE"
)
)
(setvar 'trustedpaths (getenv "ACAD"))(setvar 'secureload 0)
So essentially?Code: [Select](_sfsp+ '("F:" "F:\\ACAD\\acad2009"
"F:\\ACAD\\acad2009\\lisp" "F:\\ACAD\\acad2009\\menu"
"F:\\ACAD\\acad2009\\menu\\bmp" "F:\\ACAD\\acad2009\\dcl"
"F:\\ACAD\\acad2009\\scripts" "F:\\ACAD\\acad2009\\templates"
"F:\\ACAD\\acad2009\\hatch pats" "F:\\ACAD\\BLOCKS"
"F:\\ACAD ARCHIVE"
)
)
(setvar 'trustedpaths (getenv "ACAD"))
Or sledghammer :-PCode: [Select](setvar 'secureload 0)
So essentially?:Code: [Select](setvar 'trustedpaths (getenv "ACAD"))
So essentially?Code: [Select](_sfsp+ '("F:" "F:\\ACAD\\acad2009"
"F:\\ACAD\\acad2009\\lisp" "F:\\ACAD\\acad2009\\menu"
"F:\\ACAD\\acad2009\\menu\\bmp" "F:\\ACAD\\acad2009\\dcl"
"F:\\ACAD\\acad2009\\scripts" "F:\\ACAD\\acad2009\\templates"
"F:\\ACAD\\acad2009\\hatch pats" "F:\\ACAD\\BLOCKS"
"F:\\ACAD ARCHIVE"
)
)
(setvar 'trustedpaths (getenv "ACAD"))
Or sledghammer :-PCode: [Select](setvar 'secureload 0)
dont even need all that just a F:\... works for ALL those paths
the "..." includes sub folders.
if the path is something OTHER then F:\ (in my case) then the path needs to be included
That said, and since this is not specified in the online help, I suspect that TrustedPaths is used as a second stage filter... Meaning that, in the example of a LISP (not sure what code file(s) you're wanting to load), the file path would need to be qualified in both SFSP (in order to be found), and TrustedPaths (for authorization).
Admittedly, speculation on my part... If someone knows better, please feel free to correct.
all this could have been avoided if the documentation stated the paths need to be in BOTH places
Look at your seach paths, you'd also find the paths to the 'applicationplugins*.bundle' folders even they are trusted by default.
This is just a way to force every developer to use the new autoload system and the plugin exchange system.Yes, I figured as much. But what they failed to realize is that most admin use stuff like an ACad.LSP or ACadDoc.LSP in a shared folder to ensure certain settings are properly adjusted for all in the company. So now the admin also have to create their own form of "plugin" simply to set company-wide settings, i.e. disallowing a shared common settings code (seeing as the autoloader would either need to be in one of the local plugins folders or the trusted paths & SFSP need to be adjusted to point to the shared folder - again defeating the purpose).
This is just a way to force every developer to use the new autoload system and the plugin exchange system.
But what they failed to realize is that most admin use stuff like an ACad.LSP or ACadDoc.LSP in a shared folder to ensure certain settings are properly adjusted for all in the company.
i have no idea what this plugin business is about though.
From other discussions, this could be groundwork being laid to ensure compatibility with future government and/or industry regulations.And we all know how "informed" those things can be :lmao: . It's usually as if the legislators think that computers work the way depicted in those NCIS/CSI/etc. farces! :ugly: I shudder to think what they actually have in mind.
I do not think it will search subdirectories in Support File Search Path so if they have to be in both you would have to provide path to directory containing lisp file.
Not sure I understand the problem. SFSP has always been required for (load ...) if an explicit path isn't provided. The documentation for the trusted paths makes no mention of modifying any of this behavior, just preventing loading for files which are not in the trusted paths. These may or may not include the SFSP depending on whether an explicit path is provided for (load ...). Am I missing something?^ 1+
Not sure I understand the problem. SFSP has always been required for (load ...) if an explicit path isn't provided. The documentation for the trusted paths makes no mention of modifying any of this behavior, just preventing loading for files which are not in the trusted paths. These may or may not include the SFSP depending on whether an explicit path is provided for (load ...). Am I missing something?^ 1+
see i understood it as acad now will include subdirectories if the ... was placed for all paths.
now that i changed it around to include all paths in the search file support path and just a ... for the trusted paths it appears to be working.
It would be nice if the support paths would include subdirectories.I could see that being a boon and a curse depending on where you put your LISP files. If there is a tremendous amount of subfolders and files in the same location, it could cause long search times when LISP commands are invoked, unless I misunderstand how search paths are accessed and when.
Not just LISP - pretty much *everything* in AutoCAD goes through the SFSP to find the first instance of a file. Thats the reason I put in a wish list item a while back to revamp the SFSP registry storage from a single semi-colon separated string (which has its own issues) and uses separate registry sub-keys for each path, along with a search-depth integer value. This could now incorporate a trusted path -like boolean flag value as well. This would allow managed/protected network search folders to be considered "trusted" and local folders to be not trusted and preventing local execution.
Local application bundles, users trying to override company acaddoc.lsp file using one in the application install folder, and so on. Don't put too much weight on the "Trusted" moniker, its just a handy reference name. It could just as easily be "Do no warn when loading files from here", but thats a little Pentagon-ish. :lol:
Further, while SecureLoad has merit, this illustrates just how poorly thought out TrustedPaths is, as SFSP *should* be the core of what is implicitly trusted from the outset.Makes the most sense! Both those settings are simply registry entries. So it's not as if someone could add to SFSP but not TrustedPaths - it's not any more secure. As the simplest implementation I'd have said: All folders in SFSP should be implicitly "trusted" and TrustedPaths should only be used to extend explicit path trusting for such stuff as load statements with full paths in their arguments. IMO, that is what adesk should have done if they spent anything more than 2 seconds to plan this thing.
I could see that being a boon and a curse depending on where you put your LISP files. If there is a tremendous amount of subfolders and files in the same location, it could cause long search times when LISP commands are invoked, unless I misunderstand how search paths are accessed and when.All too true. Just think of how acad slows down when there's just one non-existent path listed in the SFSP. Then place a windows explorer on the root path and type into the search box the word "acaddoc.lsp" ... see how long it takes to find the first of those (if at all). ACad is going to take just as long (at best) for each of the files it would need to find (including all the other auto-loading stuff as well as hatch patterns, etc. etc. etc.). I would steer clear of using such in a search path in this case, acad is slow enough as it is.
If they wanted to get really clever, they could set the order via a simple list ala the most-recently-used settings elsewhere.Yep, this idea would be a lot more comprehensive without making life more difficult for an admin (at least not by much). Would probably need to have the default for Trusted=True and Depth=1, so it works similar to the old SFSP by default and can be adjusted where needed. But I don't think lots of people would be using the trused=0 idea here, the subfolder depth might be used quite often.
;I don't claim any code. I probably wrote it. I probably didn't write it. I probably wrote it. ...I don't recall.
(defun vl:string->list (str delim / lst loc)
(while (setq loc (vl-string-search delim str))
(setq lst (append lst (list (substr str 1 loc)))
str (substr str (1+ (+ loc (strlen delim)))))
)
(append lst (list str))
)
(defun vl:list->string (delim ls / out)
(setq out (apply 'strcat (mapcar (function (lambda (x) (strcat x delim))) ls)))
(if out (vl-string-right-trim delim out) "")
);defun list->string
;it doesn't hurt to add the same path multiple times. Autocad takes care of duplicates
;as well as the adding a single ";<path>".
;Ex. (AddTrustedPath "c:\\temp")
(defun AddTrustedPath (addpath / )
(setvar 'trustedpaths (strcat (getvar 'trustedpaths) ";" addpath))
);defun AddTrustedPath
;Ex. (RemoveTrustedPath "c:\\temp")
(defun RemoveTrustedPath (rpath / )
(setvar 'trustedpaths
(vl:list->string ";"
(vl-remove-if (function (lambda (path)
(eq (strcase path) (strcase rpath))
));function
(vl:string->list (getvar 'trustedpaths) ";")
);vl-remove-if
);vl:list->string
);setvar
);defun RemoveTrustedPath
;Ex. (loadTrustedPaths "P:\\AutoCAD2014\\CompanySupportPaths.txt")
;file content should include use regular path separators (not list "\\" type)
;keep the file clean and accurate - no checking.
(defun loadTrustedPaths (srcfile / sf cLine)
(if (setq sf (open srcfile "r"))
(progn
(while (setq cLine (read-line sf))
(if (and
(> (strlen cLine) 2)
(/= "" (setq cLine (vl-string-left-trim " " (vl-string-right-trim " " cLine)))))
(AddTrustedPath cLine)
);if line has content
);while
(close sf nil)
);progn
(princ (strcat "\n File could not be opened: " srcfile))
);if file open
);defun loadTrustedPaths