It seems that event scripts are run in insecure console mode. That doesn’t seem right.

I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc.), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.

Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…

The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?

Regards, Mark.

Begin forwarded message:

From: GitHub <noreply@github.com>
Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
Date: 11 March 2018 at 9:20:54 PM HKT
To: mark@webb-johnson.net
Reply-To: GitHub <noreply@github.com>

 Branch: refs/heads/master
 Home:   https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
 Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
     https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037bddc3e6efa60c70c1fca36b0e0400c87bafe1
 Author: Mark Webb-Johnson <mark@webb-johnson.net>
 Date:   2018-03-11 (Sun, 11 Mar 2018)

 Changed paths:
   M vehicle/OVMS.V3/main/ovms_script.cpp

 Log Message:
 -----------
 OVMS event scripts are run in secure mode