Distributed Erlang Security

Francesco Cesarini cesarini@REDACTED
Tue Jan 16 10:48:39 CET 2001


Have you looked at the net kernel? It is an Erlang process which
coordinates operations in a distributed Erlang Node. Bifs dealing with
distribution (such as spawn) are converted into messages on the
originating node and sent to the net kernel on its peer. It will also
handle authentication and reject or accept messages.

You can change the net kernel with a user defined process and do things
such as

* change the authentication scheme
* allow messages to be sent only to a specific registered process
* Block spawning of processes,
* etc. etc. 

There are probably many issues I have not covered, but hopefully the
above should get you going in the right track.

Regards,
Francesco

Charles Martin wrote:
> 
> Are there any provisions for code security in Erlang?  To make this
> question concrete, suppose I implemented a Gnutella-like system in
> Erlang.  Every user now runs an Erlang node.  Suppose one of the users is
> malicious; could they execute arbitrary code on the other user's
> machines?  Is there any way to use Erlang with untrusted users?
> 
> Charles

-- 
Francesco Cesarini

Erlang/OTP consultant
Cellular: INT+44-7776 250381 
ECN: 832-707192
http://welcome.to/cesarini.consulting



More information about the erlang-questions mailing list