Thanks for the change. Back before I had the flash corruption (and
had to erase everything and start over), I had a module password
set. All the event scripts, including system.start, had to begin
with an "enable blablabla" statement, in clear text. That felt
really wrong.
What about scripts that are launched by other tasks, e.g. the
Duktape scripts that the obd2ecu task can use to customize metrics?
I presume they are the same (run as secure), right? But, it's
really easy for them to crash the system with a stack overflow or
random Duktape error. Best bet would be to catch these and just
return zero, but right now it's a very fragile system. Would those
errors (which could occur some randomly long time after boot, e.g. a
metric-based divide-by-zero) trigger the disabling of auto init?
Greg
Mark Webb-Johnson wrote:
It seems that event scripts are run in insecure console mode. That
doesn’t seem right.
I thought we were protecting these so that only
secure commands could create these scripts (vfs edit, append,
cp, etc), but the scripts themselves ran secure? Otherwise, on a
module with a password, how do you run scripts on startup?
Putting ‘enable …’ in the script itself is inherently insecure.
Anyway, I changed it to run these event scripts in
secure mode. If that’s not right, let’s discuss it here…
The other issue here is that these scripts may crash
the system, so perhaps they should follow the ‘auto’ system as
well? Only run event scripts if a corresponding ‘auto’ config is
set (can default to true), and the auto system is not
temporarily disabled due to too many crashes?
Regards, Mark.
Begin forwarded message:
Subject: [openvehicles/Open-Vehicle-Monitoring-System-3]
037bdd: OVMS event scripts are run in secure mode
Date: 11 March 2018 at
9:20:54 PM HKT
_______________________________________________
OvmsDev mailing list
OvmsDev@lists.teslaclub.hk
http://lists.teslaclub.hk/mailman/listinfo/ovmsdev