[erlang-questions] Securing remote spawning
Matthias Lang
matthias@REDACTED
Wed Apr 23 22:28:33 CEST 2008
Sean Hinde writes:
> It is very easy to roll your own RPC:
>
> call(Sock, M,F,A) ->
> gen_tcp:send(Sock, erlang:term_to_binary(M,F,A)).
>
> Then at the other end:
>
> receive
> {tcp, Sock, Data} ->
> case erlang:term_to_binary(Data) of
> {M, F, A} when is_list(A) ->
> case lists:member({M,F,length(A)}, Allowed_funcs) of
> true ->
> apply(M,F,A);
> false ->
> ignore
> end;
> _ -> ignore
> end
>
> etc
This example illustrates the general idea, and you can (and should!)
robustify it in practice if you want to deal with potentially
malicious clients.
A starting point would be to eliminate binary_to_term/1 (which is what
Sean meant to write in the 'receive' above, where he wrote
'term_to_binary'). binary_to_term/1 is too general and too
powerful. Not only can a client launch a DOS attack using it (by
overflowing the atom table), but there have been quite a few examples
of how to crash the emulator with it:
http://www.erlang.org/pipermail/erlang-questions/2001-June/003332.html
http://www.erlang.org/pipermail/erlang-questions/2006-February/018901.html
http://www.erlang.org/pipermail/erlang-bugs/2008-February/000634.html
Matt
More information about the erlang-questions
mailing list