[Ovmsdev] Fwd: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode

Mark Webb-Johnson mark at webb-johnson.net
Sun Mar 11 21:27:30 HKT 2018


It seems that event scripts are run in insecure console mode. That doesn’t seem right.

I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.

Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…

The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?

Regards, Mark.

> Begin forwarded message:
> 
> From: GitHub <noreply at github.com>
> Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
> Date: 11 March 2018 at 9:20:54 PM HKT
> To: mark at webb-johnson.net
> Reply-To: GitHub <noreply at github.com>
> 
>  Branch: refs/heads/master
>  Home:   https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
>  Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>      https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>  Author: Mark Webb-Johnson <mark at webb-johnson.net>
>  Date:   2018-03-11 (Sun, 11 Mar 2018)
> 
>  Changed paths:
>    M vehicle/OVMS.V3/main/ovms_script.cpp
> 
>  Log Message:
>  -----------
>  OVMS event scripts are run in secure mode
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20180311/131d46d9/attachment.htm>


More information about the OvmsDev mailing list