Fwd: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
It seems that event scripts are run in insecure console mode. That doesn’t seem right.
I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.
Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…
The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?
Regards, Mark.
Begin forwarded message:
From: GitHub <noreply@github.com>
Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
Date: 11 March 2018 at 9:20:54 PM HKT
To: mark@webb-johnson.net
Reply-To: GitHub <noreply@github.com>
Branch: refs/heads/master
Home: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037b...
Author: Mark Webb-Johnson <mark@webb-johnson.net>
Date: 2018-03-11 (Sun, 11 Mar 2018)
Changed paths:
M vehicle/OVMS.V3/main/ovms_script.cpp
Log Message:
-----------
OVMS event scripts are run in secure mode
Greg,
I think we can improve the reliability of Duktape calls. At the moment, we let their normal abort handlers do their thing - and that is a complete abort and CPU reset. There are hooks in Duktape to catch those exceptions and handle appropriately. I’ll have a look at it when I have more time.
Regards, Mark.
On 12 Mar 2018, at 1:39 AM, Greg D. <gregd2350@gmail.com> wrote:
Thanks for the change. Back before I had the flash corruption (and had to erase everything and start over), I had a module password set. All the event scripts, including system.start, had to begin with an "enable blablabla" statement, in clear text. That felt really wrong.
What about scripts that are launched by other tasks, e.g. the Duktape scripts that the obd2ecu task can use to customize metrics? I presume they are the same (run as secure), right? But, it's really easy for them to crash the system with a stack overflow or random Duktape error. Best bet would be to catch these and just return zero, but right now it's a very fragile system. Would those errors (which could occur some randomly long time after boot, e.g. a metric-based divide-by-zero) trigger the disabling of auto init?
Greg
Mark Webb-Johnson wrote:
It seems that event scripts are run in insecure console mode. That doesn’t seem right.
I thought we were protecting these so that only secure commands could create these scripts (vfs edit, append, cp, etc), but the scripts themselves ran secure? Otherwise, on a module with a password, how do you run scripts on startup? Putting ‘enable …’ in the script itself is inherently insecure.
Anyway, I changed it to run these event scripts in secure mode. If that’s not right, let’s discuss it here…
The other issue here is that these scripts may crash the system, so perhaps they should follow the ‘auto’ system as well? Only run event scripts if a corresponding ‘auto’ config is set (can default to true), and the auto system is not temporarily disabled due to too many crashes?
Regards, Mark.
Begin forwarded message:
From: GitHub <noreply@github.com>
Subject: [openvehicles/Open-Vehicle-Monitoring-System-3] 037bdd: OVMS event scripts are run in secure mode
Date: 11 March 2018 at 9:20:54 PM HKT
To: mark@webb-johnson.net
Reply-To: GitHub <noreply@github.com>
Branch: refs/heads/master
Home: https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3
Commit: 037bddc3e6efa60c70c1fca36b0e0400c87bafe1
https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/037bddc3e6efa60c70c1fca36b0e0400c87bafe1
Author: Mark Webb-Johnson <mark@webb-johnson.net>
Date: 2018-03-11 (Sun, 11 Mar 2018)
Changed paths:
M vehicle/OVMS.V3/main/ovms_script.cpp
Log Message:
-----------
OVMS event scripts are run in secure mode
_______________________________________________
OvmsDev mailing list
OvmsDev@lists.teslaclub.hk
http://lists.teslaclub.hk/mailman/listinfo/ovmsdev
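Added example, not part of the thread and not OVMS code: a script-side guard that does what Greg suggests (catch the error and return zero) and borrows Mark's 'auto' idea by disabling a script after repeated failures. The names guardMetric and MAX_FAILURES and the sample scripts are hypothetical; the code is plain ES5 so it suits an embedded JavaScript engine.

```javascript
// Hypothetical guard for metric scripts; the threshold is an assumed value,
// not an OVMS config setting.
var MAX_FAILURES = 3;

function guardMetric(name, fn) {
  var failures = 0;
  var lastError = null;

  function guarded() {
    // Once the script has failed too often, stop running it at all.
    if (failures >= MAX_FAILURES) { return 0; }
    try {
      var value = fn.apply(null, arguments);
      // In JavaScript, x / 0 yields Infinity or NaN instead of throwing,
      // so a bad result has to be rejected explicitly.
      if (typeof value !== "number" || !isFinite(value)) {
        throw new Error("non-finite result: " + String(value));
      }
      return value;
    } catch (err) {
      // Covers thrown errors, including the RangeError raised when
      // runaway recursion exhausts the call stack.
      failures += 1;
      lastError = String(err && err.message ? err.message : err);
      return 0;
    }
  }

  guarded.status = function () {
    return {
      name: name,
      failures: failures,
      disabled: failures >= MAX_FAILURES,
      lastError: lastError
    };
  };
  return guarded;
}

// Constructed sample scripts: one divides by a metric that may be zero,
// the other recurses without a base case.
var efficiency = guardMetric("efficiency", function (km, kwh) { return km / kwh; });
var runaway = guardMetric("runaway", function recurse(n) { return recurse(n + 1) + 1; });
```

This only covers errors raised inside the script itself; the abort handling Mark refers to sits on the firmware side of the Duktape calls.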