running scripts is hosed with 1.4.2

Got a problem with Viscosity or need help? Ask here!

MasterYous

Posts: 13
Joined: Wed Apr 14, 2010 9:41 am

Post by MasterYous » Sat Sep 29, 2012 3:03 pm
Hi...

I enabled advanced scripting using the new option in the GUI. I set script-security to 2 just as the log warned me...

But I can no longer run scripts, period. With the version immediately prior of Viscosity, the script ran, but did not honor route-delay, so it was running as soon as TAP was opened... also not good.

Can you please restore this to working order? Need to be able to run scripts, and need to be able to have the script WAIT to run until after routes are established.

Here's the log:
Code: Select all
Sep 29 01:01:22: TUN/TAP device /dev/tap0 opened
Sep 29 01:01:22: WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
Sep 29 01:01:22: WARNING: Failed running command (--route-up): external program fork failed
Sep 29 01:01:22: Initialization Sequence Completed
Sep 29 01:01:23: write to TUN/TAP : Input/output error (code=5)
Here's my config:
Code: Select all
down "/Applications/Viscosity.app/Contents/Resources/dnsdown.py tap0 1500 1574 init"
script-security 2
route-delay 9
route-up "/Applications/Viscosity.app/Contents/Resources/dnsup-delayed.py tap0 1500 1574 init"

MasterYous

Posts: 13
Joined: Wed Apr 14, 2010 9:41 am

Post by MasterYous » Thu Oct 04, 2012 1:18 am
Hey James - any update on this? Am I just missing something obvious? I still can't get any scripts to run, regdls of my script-security setting... and rgdls of whether or not I enable the 'advanced' scripts in the GUI.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat Oct 06, 2012 2:36 am
Hi MasterYous,

Viscosity is overriding script-security to a value of 1 no matter of what is set in the config file. I'll see about getting a new beta build up that doesn't force the value to 1 if the "Allow unsafe OpenVPN commands to be used" option is enabled.

That said, enabling the "Allow unsafe OpenVPN commands to be used" option does open you up to potential local privilege escalation exploits, so it's strongly recommended Viscosity AppleScript support be used instead (you can call scripts using admin rights if needed by using AppleScripts run as administrator call, or by using the suid bit).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

MasterYous

Posts: 13
Joined: Wed Apr 14, 2010 9:41 am

Post by MasterYous » Sat Oct 06, 2012 1:52 pm
James,
Appreciate the response.

Based on what you advised, a little bit of background on what I am doing is warranted.

I have heavily modified Viscosity 's DNS python scripts to support things like multiple domain suffix searching even when the options are negotiated via pure DHCP (no PUSH options being used at all).

So, I need to be able to call a python script. Can I do this with AppleScript? I don't know anything about AppleScript.

Thanks!

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Oct 22, 2012 2:48 am
Hi MasterYous,

You can find some information about using AppleScript on the following page - as you have working Python scripts the easiest approach would be to simply call these with admin rights from your AppleScript script:
http://www.sparklabs.com/support/runnin ... when_conn/

I've also updated the latest beta version so a script-security level is not enforced if you have enabled the "Allow unsafe OpenVPN commands to be used" option. It can be downloaded from:
http://www.sparklabs.com/forum/viewtopic.php?p=134#p134

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
5 posts Page 1 of 1