Wed Jun 11 01:54:31 CEST 2003
First: thank you very much for being so helpful :)
> The essence of the answer is to ensure that the "untrusted" erlang node is
> forced to use a (more) trusted node to mediate all external communications
> to ensure it conforms to your policy. As it stands I don't believe the
> current OTP erlang nodes make it easy to do this (though by running the
> untrusted node in a chroot jail and seriously constraining its environment
> you could probably hack it up).
Actually, environment constraints are feasible in my envisioned application.
I can almost certainly use a read-only filesystem, and only have network
connectivity to other erlang-using machines, hence no generalised internet
access (unless mediated by a trusted erlang node). The hard part is
forcing other erlang nodes into not honouring spawn commands, but still
accepting ordinary messages.
As I understand it, if I can guarantee the host's behaviour, then
constraining the behaviour of other erlang nodes requires messing around
with the net_kernel?
[snip reference to interesting paper]
The only other alternative that I really see is pretty much implementation
of a virtual machine... which might actually be the easier answer.