Security limitations in 2.5.2 exec binding

Corrected my post, there was a superfluent /conf.

You can see folder Layout here

Thank you. The file is created after update or do I have to create it manually?

1 Like

You have to create it manually


I have this in one of my rules:

var String powerStateEnigmaLong = executeCommandLine("curl -s http://" + enigma_ip + "/web/powerstate", 5000)

Is this the same like exec-binding? Do i have to write this in my whitelist too?

1 Like

It doesn’t look like it here. I have many executeCommandLine() too, and they are still working after the update.

It’s worth noting that if you use exec binding and configure it via PaperUI, you still need to create the whitelist.

I grabbed my commands in one go using:

grep 'command":' /var/lib/openhab2/jsondb/org.eclipse.smarthome.core.thing.Thing.json

then copy/pasted into the whitelist.

Edit: for anyone stumbling on this, there is a far better way of extracting the commands and writing them to the file here


OK, i created the folder misc and created the exec.whitelist file, filled it with the one anly only command, set all the permissions, cleaned the cache restarted openHAB2 and:

2020-02-20 13:43:21.470 [WARN ] [ng.exec.internal.handler.ExecHandler] - Tried to execute '/etc/openhab2/scripts/ >/dev/null 2>&1', but it is not contained in whitelist.

Any ideas?

1 Like

Same for me…

1 Like

I had a little trouble as well getting this to work after upgrading to version 2.5.2. My experience has been, that you have to copy the command from the things parameters to the whitelist and not the resulting command after parameter expansion. I first had:

/usr/local/bin/ps4-waker check

in the whitelist which did not work, because this got expanded from the things parameter where i entered:

/usr/local/bin/ps4-waker %2$s

When i added this to /etc/openhab2/misc/exec.whitelist all warnings and errors disappeared…

kind regards,


Same error. A couple of reboots fixed it for me. Also, I removed a # comment so there is nothing else in the list

edit… Looking at the logs it shows just after restart the ’ not contained in the white list ’ error but immediately followed by the result of the command. So it did run despite the log message

My things file:

Thing exec:command:uptime [command="/etc/openhab2/scripts/", interval=60, timeout=2]

My exec.whitelist


So what is the right command?

It is how I have it.

Mine seems to be running now I just left it alone but I did the see the error as it booted back up.

It looks like the line end of the exec.whitelist file must be CRLF. LF did not work on my openhabian installation.


Notepad++ shows… LF for me, with LF on empty line below too

Same here for the exec transformation.
After converting the misc/exec.whitelist from LF to CRLF, the entered lines are recognized.

1 Like

Seems that the CRLF did the trick

To answer the original question:

As far as I can tell, wildcards are not supported.

I’m also having problems with the whitelist.
I have created the folder in /etc/openhab2/misc and the file in it, with CRLF endings, but it still says it is not contained in the whitelist, these are rather simple bash scripts mainly…

Ps.: I have changed the ending to LF and it started to work, even without a restart :slight_smile: funny…


How can I update this page to add the extra information?

And for clarity, what format does the exec.whitelist need?

Does it require a line feed after each command, or it is CSV style?

There is a link at the bottom of the page that will open the file in GitHub where you can edit and submit a PR. I’m pretty sure that link is working correctly again.