[Ovmsdev] Fwd: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
Mark Webb-Johnson
mark at webb-johnson.net
Tue Mar 13 09:53:52 HKT 2018
Greg,
I think we can improve the reliability of Duktape calls. At the moment, we let their normal abort handlers do their thing - and that is a complete abort and CPU reset. There are hooks in Duktape to catch those exceptions and handle appropriately. I’ll have a look at it when I have more time.
Regards, Mark.
> On 12 Mar 2018, at 1:39 AM, Greg D. <gregd2350 at gmail.com> wrote:
>
> Thanks for the change. Back before I had the flash corruption (and had to erase everything and start over), I had a module password set. All the event scripts, including system.start, had to begin with an "enable blablabla" statement, in clear text. That felt really wrong.
>
> What about scripts that are launched by other tasks, e.g. the Duktape scripts that the obd2ecu task can use to customize metrics? I presume they are the same (run as secure), right? But, it's really easy for them to crash the system with a stack overflow or random Duktape error. Best bet would be to catch these and just return zero, but right now it's a very fragile system. Would those errors (which could occur some randomly long time after boot, e.g. a metric-based divide-by-zero) trigger the disabling of auto init?
>
> Greg
>
>
> Mark Webb-Johnson wrote:
>>
>> It seems that event scripts are run in insecure console mode. That doesn’t seem right.
>>
>> I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.
>>
>> Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…
>>
>> The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?
>>
>> Regards, Mark.
>>
>>> Begin forwarded message:
>>>
>>> From: GitHub <noreply at github.com>
>>> Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
>>> Date: 11 March 2018 at 9:20:54 PM HKT
>>> To: mark at webb-johnson.net
>>> Reply-To: GitHub <noreply at github.com>
>>>
>>> Branch: refs/heads/master
>>> Home: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
>>> Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>>> https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>>> Author: Mark Webb-Johnson <mark at webb-johnson.net>
>>> Date: 2018-03-11 (Sun, 11 Mar 2018)
>>>
>>> Changed paths:
>>> M vehicle/OVMS.V3/main/ovms_script.cpp
>>>
>>> Log Message:
>>> -----------
>>> OVMS event scripts are run in secure mode
>>>
>>>
>>
>>
>>
>> _______________________________________________
>> OvmsDev mailing list
>> OvmsDev at lists.teslaclub.hk
>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev