Brain Dump #1
Thu Feb 6 18:55:38 CET 2003
I've been pondering that for a few days now. If Erlang had a safe
mode, where processes can be boxed in, it might be possible to do
some more interesting programming. But then again, maybe not.
I have never used the safe Perl or safe Tcl functions to run boxed
code, nor have I ever used boxed Java (except safe for a handful of
applets back in '97/'98). That may very well be a feature not worth
One problem is definately the limit on the number of nodes. 200
nodes doesn't go very far on the public internet.
I think time would be better spent ensuring that binary_to_term/1
doesn't do strange stuff when it gets an unexpected binary (stack
smashing attacks, etc.).
Mickael Remond <mickael.remond@REDACTED> wrote:
> * Vlad Dumitrescu (EAW) <Vlad.Dumitrescu@REDACTED> [2003-02-06 17:45:16 +0100]:
> > What if someone evil outside this list finds out about this, downloads
> > Erlang, enters the system and begins to "have fun" by running os:cmd("rm -rf
> > *")? ;-)
> Would modifying the net_kernel to execute only allowed modules and prevent
> message passing to some process do the trick ?
> Would it be enough to have a simple secure Erlang ?
More information about the erlang-questions