It seems that event scripts are run in insecure console mode. That doesn’t seem right. I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure. Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here… The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes? Regards, Mark.
Begin forwarded message:
From: GitHub <noreply@github.com> Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode Date: 11 March 2018 at 9:20:54 PM HKT To: mark@webb-johnson.net Reply-To: GitHub <noreply@github.com>
Branch: refs/heads/master Home: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3 Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1 https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037b... Author: Mark Webb-Johnson <mark@webb-johnson.net> Date: 2018-03-11 (Sun, 11 Mar 2018)
Changed paths: M vehicle/OVMS.V3/main/ovms_script.cpp
Log Message: ----------- OVMS event scripts are run in secure mode