[erlang-bugs] The Erlang Restricted Shell allows execution of random commands

Roberto Aloi
Tue Jan 31 12:46:24 CET 2012

Hi all,

reading from the Erlang doc:


"The shell may be started in a restricted mode. In this mode, the shell evaluates a function call only if allowed."

Let's write a minimal module which whitelists the 'lists' module only:


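-module(restrict).
-export([local_allowed/3, non_local_allowed/3]).

%% Modules whose functions may be called from the restricted shell.
-define(NON_LOCAL_ALLOWED, [lists]).

%% Shell-local commands: none are allowed.
local_allowed(_Cmd, _Args, State) ->
    {false, State}.

%% Calls of the form Module:Function(...): allowed only for whitelisted modules.
non_local_allowed({Module, _Function}, _Args, State) ->
    {lists:member(Module, ?NON_LOCAL_ALLOWED), State}.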

Let's then start a restricted shell, using the above module.

$ erlc restrict.erl
$ erl -stdlib restricted_shell restrict

Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:4:4] [rq:4] [async-threads:0] [hipe] [kernel-poll:false]

Restricted Eshell V5.8.5  (abort with ^G)

And let's see if it works as expected.

1> erlang:time(). 
** exception exit: restricted shell does not allow time()


2> erlang:apply(erlang, time, []).
** exception exit: restricted shell does not allow time()


3> F = fun (M,F,A) -> lists:zipwith3({erlang, apply}, [M], [F], [ A ]) end.
4> F(erlang, time, []).


Please notice that I'm not the one who actually discovered this bug (or is it a feature?). It was actually one of the tryerlang.org users, who kindly informed me about this. Originally I thought this was an application bug, but it is not. This is more generic and it affects the restricted shell itself.

Best regards,

Roberto Aloi
Erlang Solutions Ltd.
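
A stricter callback module for the case reported above, added here as an example (it is not part of the original post and is not the OTP fix). The module name restrict_strict and the helpers has_callable/1 and selftest/0 are hypothetical; it assumes the callback receives already-evaluated arguments and that funs written in the shell are interpreted, so their bodies are checked by the callback again.

```erlang
-module(restrict_strict).
-export([local_allowed/3, non_local_allowed/3, has_callable/1, selftest/0]).

-define(NON_LOCAL_ALLOWED, [lists]).

local_allowed(_Cmd, _Args, State) ->
    {false, State}.

%% Whitelist the module AND refuse arguments that whitelisted compiled
%% code could invoke on the caller's behalf, outside the shell's checks.
non_local_allowed({Module, _Function}, Args, State) ->
    Allowed = lists:member(Module, ?NON_LOCAL_ALLOWED)
        andalso not has_callable(Args),
    {Allowed, State}.

%% True if Term contains, at any depth of lists and tuples, a
%% {Module, Function} atom pair (the tuple-fun form used in the post)
%% or an external fun such as fun erlang:apply/3.
%% Deliberately over-strict: a data tuple like {ok, done} is refused too.
has_callable({M, F}) when is_atom(M), is_atom(F) ->
    true;
has_callable(F) when is_function(F) ->
    erlang:fun_info(F, type) =:= {type, external};
has_callable(T) when is_tuple(T) ->
    has_callable(tuple_to_list(T));
has_callable([H | T]) ->
    has_callable(H) orelse has_callable(T);
has_callable(_) ->
    false.

%% Constructed checks; 's' is a dummy state value.
selftest() ->
    %% The call shape from the post is refused.
    {false, s} = non_local_allowed({lists, zipwith3},
                                   [{erlang, apply}, [erlang], [time], [[]]], s),
    %% External funs are refused as well.
    {false, s} = non_local_allowed({lists, map}, [fun erlang:abs/1, [1]], s),
    %% Plain data passed to a whitelisted module is still allowed.
    {true, s} = non_local_allowed({lists, reverse}, [[1, 2, 3]], s),
    %% Non-whitelisted modules stay blocked.
    {false, s} = non_local_allowed({erlang, time}, [], s),
    ok.
```

Compile it with erlc and start the shell with `erl -stdlib restricted_shell restrict_strict`; calling `restrict_strict:selftest()` from an unrestricted shell returns ok when all four checks hold.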
