Michael Balzer wrote:
Am 25.02.2018 um 01:12 schrieb Stephen Casner:
In order for a module that has been configured to become useful automatically after power cycles it will be necessary for the start-up script(s) to execute commands that require being enabled. If that requires putting an enable command with clear-text password into the startup script, that's not good.
-- Steve Good point.
How about allowing write access to event scripts on "/store" only in enabled mode and then generally run those scripts in enabled mode?
Regards, Michael
That works for me, though I thought that write access to anywhere in the file system already required Enable access, no? It was a bit of a surprise that the system event scripts weren't already run with "enable" privileges. User-level scripts (initiated by the CLI) should also require Enable access before starting them. We shouldn't ever need to have clear-text passwords in script files. What about Duktape scripts that can be called for Metric evaluation from the OBDII ECU Simulator? I can imagine that someone clever could odd things with specially crafted OBDII PID requests via pre-written scripts. But that would require access to the OBDII CAN Bus... Greg