appspace pollution :)

[Matthias Lang]

Sean Hinde writes:

 > Is anyone aware of any detailed security analysis done on 
 > Erlang/OTP? 

Dan Sahlin, Lawrie Brown and others worked on something called "Safe
Erlang" (see the papers section on DMOZ:
http://www.ericsson.com/cslab/publications.shtml). I last read one of
their papers three years ago, so I'm a bit hazy about what exactly
they were doing, but I think it was mostly focussed on being able to
safely execute third-party code on an erlang node. Not quite what you
were asking about, but it includes related issues.

 > For example there were vulnerabilities in zlib some time ago 
 > (fixed in R9B?).

R9B has a newer version of zlib, so I think it's fixed, but I'm not
sure.

Daniel Neri posted a patch for R8B-2:

  http://www.erlang.org/ml-archive/erlang-questions/200210/msg00049.html

Matthias