[erlang-questions] Securing remote spawning

Torbjorn Tornkvist tobbe@REDACTED
Wed Apr 23 22:40:13 CEST 2008


Couldn't the ssh lib be used in order to do authenticated rpc calls ?

--Tobbe


Matthias Lang wrote:
> Sean Hinde writes:
> 
>  > It is very easy to roll your own RPC:
>  > 
>  > call(Sock, M,F,A) ->
>  >      gen_tcp:send(Sock, erlang:term_to_binary(M,F,A)).
>  > 
>  > Then at the other end:
>  > 
>  > receive
>  >      {tcp, Sock, Data} ->
>  >          case erlang:term_to_binary(Data) of
>  >              {M, F, A} when is_list(A) ->
>  > 	         case lists:member({M,F,length(A)}, Allowed_funcs) of
>  >                      true ->
>  >                          apply(M,F,A);
>  >                      false ->
>  >                           ignore
>  >                   end;
>  >              _ -> ignore
>  >         end
>  > 
>  > etc
> 
> This example illustrates the general idea, and you can (and should!)
> robustify it in practice if you want to deal with potentially
> malicious clients.
> 
> A starting point would be to eliminate binary_to_term/1 (which is what
> Sean meant to write in the 'receive' above, where he wrote
> 'term_to_binary'). binary_to_term/1 is too general and too
> powerful. Not only can a client launch a DOS attack using it (by
> overflowing the atom table), but there have been quite a few examples
> of how to crash the emulator with it:
> 
>   http://www.erlang.org/pipermail/erlang-questions/2001-June/003332.html
>   http://www.erlang.org/pipermail/erlang-questions/2006-February/018901.html
>   http://www.erlang.org/pipermail/erlang-bugs/2008-February/000634.html
> 
> Matt




More information about the erlang-questions mailing list