John Bokma MexIT

Launchy has a LUA bug

Friday, July 14, 2006 | 5 comments

Edit: Josh Karlin commented on this blog post that the LUA bug has been fixed. Thanks Josh!

Last night I installed Launchy, the open source keystroke launcher for Microsoft Windows (not the Firefox extension with the same name). I had read about this program a few times on the Internet, and decided to give it a try since typing (a part of) the name of an application to start it sounds very handy to me.

So I downloaded the small program, and installed it with Administrator rights. Next I started the program as user "John", a Limited User Account (LUA), since to me that is a sound way to work. The first thing I wanted to do was add my own directories for scanning, and after pressing OK I was greeted with the following.

Launchy.ini was not found.

At first I misread the warning, and thought I had to create launchy.ini in C:\Documents and Settings\John\, which I did. But this didn't work (of course), and I got the same error again. Then I noticed that Launchy actually wants to create an ini file in C:\Program Files\Launchy\Users\John\, a directory a user with limited rights shouldn't have access to. Shock, horror! What was the author, Josh Karlin, of this program thinking? Especially with a statement like "Launchy is developed to run on XP". Does Josh Karlin develop software with Administrator rights? Doesn't sound very smart to me, to say the least, but that's his decision. But releasing an application that relies on Administrator rights for one of its basic functions sounds clueless to me. Badly written software like this promotes insecure usage of Windows XP, and indirectly contributes to a lot of malware issues in my opinion. What amazes me even more is that I haven't read about this issue before in the several reviews I read about this program. Do that many people just run everything as Administrator?

Yesterday I looked for a way to contact the author, but couldn't find his email address. I couldn't be bothered to sign up with SourceForge so I decided to write about it in my blog.

Recommended fix for Launchy

The fix for Launchy is extremely simple: instead of attempting to store an ini file in a subfolder of Launchy in the Program Files directory, where it shouldn't be located, the program should use the environment variable APPDATA (Application Data, hint!), which holds the per-user folder for Application Data. And guess what launchy.ini is. Yes: application data.
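The recommended fix, sketched as an added example (this is not Launchy's code; the function names, the "Launchy" subfolder under APPDATA and the install path passed in are assumptions): the settings path is built from the value of APPDATA, and the function returns an empty string rather than falling back to the install folder when that value is missing, relative, or points inside the install tree.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Added example, not Launchy's code. All function names are hypothetical.

// True for "C:\..." or "\\server\share" style paths.
static bool is_absolute(const std::string& p) {
    if (p.size() < 3) return false;
    bool drive = std::isalpha((unsigned char)p[0]) && p[1] == ':' && p[2] == '\\';
    bool unc = p[0] == '\\' && p[1] == '\\';
    return drive || unc;
}

// Case-insensitive "is path equal to or below dir" (NTFS paths ignore case).
static bool inside_dir(std::string path, std::string dir) {
    path += '\\';
    dir += '\\';
    if (path.size() < dir.size()) return false;
    for (std::string::size_type i = 0; i < dir.size(); ++i)
        if (std::tolower((unsigned char)path[i]) != std::tolower((unsigned char)dir[i]))
            return false;
    return true;
}

// Build <APPDATA>\<app>\<file>. Returns "" when there is no safe per-user
// location, so the caller reports an error instead of falling back to the
// install folder under Program Files.
std::string user_settings_path(const char* appdata, const std::string& install_dir,
                               const std::string& app, const std::string& file) {
    if (appdata == NULL) return "";
    std::string base(appdata);
    while (base.size() > 3 && base[base.size() - 1] == '\\')
        base.erase(base.size() - 1);              // drop trailing separators
    if (!is_absolute(base)) return "";            // a relative value would follow the cwd
    if (inside_dir(base, install_dir)) return ""; // never write into the install tree
    return base + "\\" + app + "\\" + file;
}

// Assumed install location, taken from the path quoted in the post.
std::string launchy_ini_path() {
    return user_settings_path(std::getenv("APPDATA"), "C:\\Program Files\\Launchy",
                              "Launchy", "launchy.ini");
}
```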

Workaround for the Launchy LUA bug

Today I tried the workaround for the Launchy LUA bug I had in mind yesterday. Note that this is a temporary fix until, hopefully, Josh Karlin fixes this issue.

First, log in with Administrator rights (I used Windows Logo + L to go to the login screen) and create the Users folder in the Launchy folder (C:\Program Files\Launchy\). Inside the Users folder, create a folder for the user with limited access, in my case John.

Select Users or Groups: John.

Next, select this folder, press the right mouse button, and select the Properties entry in the context menu. Select the Security tab in the Properties dialog window and check if the user is in the "Group or user names" list. In my case, "John" wasn't, so I selected the "Add..." button and entered my name in the "Select Users or Groups" dialog window, pressed OK, and "John" showed up in the "Group or user names" list.

Note that I allow only one limited user access to the "John" folder: the user "John". You might be tempted to allow all (limited) users access to the Users folder, so Launchy has no problems creating the per-user folder and the files in it. For security reasons, don't do this.

Properties of folder John.

Next, select the right user in the "Group or user names" list. Notice that the title of the dialog window changes accordingly (in my case "John Properties"). Set the following permissions to allow: List Folder Contents, Read, and Write, and press the OK button.

Launchy per user files.

Finally, log back in as the limited user and restart Launchy. The program should no longer complain about not being able to create launchy.ini, and if you open your "Users" directory two files should have been created: launchy.db and the now well-known launchy.ini.

Launchy in action (Black Glass skin).
