[Ovmsdev] Fwd: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
mark at webb-johnson.net
Tue Mar 13 09:53:52 HKT 2018
I think we can improve the reliability of Duktape calls. At the moment, we let their normal abort handlers do their thing - and that is a complete abort and CPU reset. There are hooks in Duktape to catch those exceptions and handle appropriately. I’ll have a look at it when I have more time.
> On 12 Mar 2018, at 1:39 AM, Greg D. <gregd2350 at gmail.com> wrote:
> Thanks for the change. Back before I had the flash corruption (and had to erase everything and start over), I had a module password set. All the event scripts, including system.start, had to begin with an "enable blablabla" statement, in clear text. That felt really wrong.
> What about scripts that are launched by other tasks, e.g. the Duktape scripts that the obd2ecu task can use to customize metrics? I presume they are the same (run as secure), right? But, it's really easy for them to crash the system with a stack overflow or random Duktape error. Best bet would be to catch these and just return zero, but right now it's a very fragile system. Would those errors (which could occur some randomly long time after boot, e.g. a metric-based divide-by-zero) trigger the disabling of auto init?
> Mark Webb-Johnson wrote:
>> It seems that event scripts are run in insecure console mode. That doesn’t seem right.
>> I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.
>> Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…
>> The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?
>> Regards, Mark.
>>> Begin forwarded message:
>>> From: GitHub <noreply at github.com>
>>> Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
>>> Date: 11 March 2018 at 9:20:54 PM HKT
>>> To: mark at webb-johnson.net
>>> Reply-To: GitHub <noreply at github.com>
>>> Branch: refs/heads/master
>>> Home: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
>>> Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>>> https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037bddc3e6efa60c70c1fca36b0e0400c87bafe1
>>> Author: Mark Webb-Johnson <mark at webb-johnson.net>
>>> Date: 2018-03-11 (Sun, 11 Mar 2018)
>>> Changed paths:
>>> M vehicle/OVMS.V3/main/ovms_script.cpp
>>> Log Message:
>>> OVMS event scripts are run in secure mode
>> OvmsDev mailing list
>> OvmsDev at lists.teslaclub.hk
>> http://lists.teslaclub.hk/mailman/listinfo/ovmsdev