[erlang-questions] Securing remote spawning
Torbjorn Tornkvist
tobbe@REDACTED
Wed Apr 23 22:40:13 CEST 2008
Couldn't the ssh lib be used in order to do authenticated rpc calls ?
--Tobbe
Matthias Lang wrote:
> Sean Hinde writes:
>
> > It is very easy to roll your own RPC:
> >
> > call(Sock, M,F,A) ->
> > gen_tcp:send(Sock, erlang:term_to_binary(M,F,A)).
> >
> > Then at the other end:
> >
> > receive
> > {tcp, Sock, Data} ->
> > case erlang:term_to_binary(Data) of
> > {M, F, A} when is_list(A) ->
> > case lists:member({M,F,length(A)}, Allowed_funcs) of
> > true ->
> > apply(M,F,A);
> > false ->
> > ignore
> > end;
> > _ -> ignore
> > end
> >
> > etc
>
> This example illustrates the general idea, and you can (and should!)
> robustify it in practice if you want to deal with potentially
> malicious clients.
>
> A starting point would be to eliminate binary_to_term/1 (which is what
> Sean meant to write in the 'receive' above, where he wrote
> 'term_to_binary'). binary_to_term/1 is too general and too
> powerful. Not only can a client launch a DOS attack using it (by
> overflowing the atom table), but there have been quite a few examples
> of how to crash the emulator with it:
>
> http://www.erlang.org/pipermail/erlang-questions/2001-June/003332.html
> http://www.erlang.org/pipermail/erlang-questions/2006-February/018901.html
> http://www.erlang.org/pipermail/erlang-bugs/2008-February/000634.html
>
> Matt
More information about the erlang-questions
mailing list