[Ovmsdev] Moving to a production cycle
gregd2350 at gmail.com
Mon Feb 26 05:46:44 HKT 2018
Michael Balzer wrote:
> Am 25.02.2018 um 01:12 schrieb Stephen Casner:
>> In order for a module that has been configured to become useful
>> automatically after power cycles it will be necessary for the start-up
>> script(s) to execute commands that require being enabled. If that
>> requires putting an enable command with clear-text password into the
>> startup script, that's not good.
>> -- Steve
> Good point.
> How about allowing write access to event scripts on "/store" only in enabled mode and then generally run those scripts in enabled mode?
That works for me, though I thought that write access to anywhere in the
file system already required Enable access, no?
It was a bit of a surprise that the system event scripts weren't already
run with "enable" privileges. User-level scripts (initiated by the CLI)
should also require Enable access before starting them. We shouldn't
ever need to have clear-text passwords in script files.
What about Duktape scripts that can be called for Metric evaluation from
the OBDII ECU Simulator? I can imagine that someone clever could odd
things with specially crafted OBDII PID requests via pre-written
scripts. But that would require access to the OBDII CAN Bus...
More information about the OvmsDev