LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

A security threat that has always bothered me...

I always enjoy reading the forums and helping where I can, but every time I open someone's VI I think of this.  I really wish there was an option to in the environment to "Never run a VI when opened" that superseded the VI properties.

Message 1 of 11
(5,957 Views)

I usually don't click on a VI in explorer that I don't know what it contains. Instead I drag it from explorer into an empty VI diagram.

Rolf Kalbermatter
My Blog
Message 2 of 11
(5,929 Views)
@rolfk wrote:

I usually don't click on a VI in explorer that I don't know what it contains. Instead I drag it from explorer into an empty VI diagram.


I... hadn't thought of doing that.  Good call!  I'm going to do the same from now on.

0 Kudos
Message 3 of 11
(5,855 Views)

... and another Kudo from me!  I've also been "lazy", but will now start being "careful".  Thanks also to BowenM for raising the issue (which also rates a Kudo, now that I think about it ...).

 

Bob Schor

0 Kudos
Message 4 of 11
(5,844 Views)

@rolfk wrote:

I usually don't click on a VI in explorer that I don't know what it contains. Instead I drag it from explorer into an empty VI diagram.


That's an oldie, but goodie.  I had actually forgotten about it.  Doesn't LabVIEW have some sort of convoluted way to disable autorun so you no longer have to do it in this fashion?  (I still use the "make it a subVI" method because it just works.)

Bill
CLD
(Mid-Level minion.)
My support system ensures that I don't look totally incompetent.
Proud to say that I've progressed beyond knowing just enough to be dangerous. I now know enough to know that I have no clue about anything at all.
Humble author of the CLAD Nugget.
0 Kudos
Message 5 of 11
(5,819 Views)

@rolfk

Maybe make a little nugget on that, that's a very good piece of advice for anyone trying to help on the forums..... Also makes it better to link to.

 

Kudos.

0 Kudos
Message 6 of 11
(5,778 Views)

Altenbach suggested a sandbox mode to help improve security

http://forums.ni.com/t5/LabVIEW-Idea-Exchange/A-special-application-instance-for-potentially-unsafe-...

 

Maybe just prompt the first time a "run when opened" vi wants to run "This VI wants to auto run. Allow once, always allow, never allow" and anything with an installer can autoapprove the VIs. This is all very similar to how windows does firewall exceptions and how OS X does application approvals.

0 Kudos
Message 7 of 11
(5,713 Views)

Well an older version of my LabVIEW Tray Launcher actually did fix this but it wasn't intentional.

 

Basically what my application does is take over what Windows should do when it is asked to open a VI file (or other file types).  And instead of running LabVIEW, it runs my program, and my program decides what version of LabVIEW to open it with.  Early on there was a lot of work involved in opening VI files in a specific version of LabVIEW because it would have to open a reference that that LabVIEW instance, then open a reference that that VI (based on the path) then perform a front panel open, then wait a bit, and then usually you would need to call some Windows API call to force the front panel to be on top of all other windows.  This would force all VIs you double clicked on (or opened from a browser) to be open, but not run even if they were set to run on open.

 

I actually found this annoying for the few VIs that I wanted to run when opened so I looked into it, and there is a scripting method for opening any file in LabVIEW as if it were double clicked.  So in later versions of my program all that is needed is to open a reference to LabVIEW, and then invoke the open.  This opens the file in the normal way and would perform the run when opened.  The older version is still available but may have some bugs not fixed in the later ones.

 

Older 1.2.0 Release Notes.

Older 1.2.0 Installer.

Older 1.2.0 Source.

 

Newer 1.3.0 Release Notes.

Newer 1.3.0 Installer.

Newer 1.3.0 Source.

 

Looking at the 1.3.0 source I see that the Open VI.vi has a disabled diagram structure which still has the older method which could be enabled.  I could see improving my code to have a configure option for allowing a VI to be opened without running by default.

0 Kudos
Message 8 of 11
(5,629 Views)

Okay because I love you guys so much (and because I wanted to spin up a VM with all versions of LabVIEW).  I have made a release 1.4.0 of my LabVIEW Tray Launcher which can be used to have different behavior on Run When Open VIs.  I haven't posted this to my site or LAVA yet but the general idea is that you can change the behavior of what the Run When Open VIs do.  Through the settings you have it can behave like LabVIEW does today, or never run VIs automatically, or ask each time.  I haven't fully tested it so mention found bugs but my testing seems to work.

 

1.4.0 Installer

1.4.0 Source

 

There are a few undocumented features I'm using.  One of which is determining if a VI is set to run when opened, without opening the VI.  It looks at the contents of the LVSR data block in the VI and looking at one bit of one byte determines if this setting is turned on or not.  I tested this with several VIs from 2011 through 2016 but there's a chance it was a fluke, or didn't always behave this way so let me know if you find any issues with it.  Oh and I was working on adding shortcut commands, but never finished it so that part of the code is disabled.  The idea was you would be able to set shortcuts to things like abort all VIs, or restart a version of LabVIEW, or launch a version.  

 

Settings.png

Message 9 of 11
(5,542 Views)

That is a great idea Rolf.  Unfortunately it wouldn't catch the hidden code. I know because I just tried.  I did exactly as you said and dropped it into an open vi.  It looked innocous,so I ran it. I was surprised when the second dialog popped up.  

 

Although it shouldn't be too surprising.  I remember someone telling awhile ago of making vis with transparent icons and dropping them as subvis....

Sam Taggart
CLA, CPI, CTD, LabVIEW Champion
DQMH Trusted Advisor
Read about my thoughts on Software Development at sasworkshops.com/blog
GCentral
0 Kudos
Message 10 of 11
(5,487 Views)