[erlang-questions] Securing remote spawning
Sean Hinde
sean.hinde@REDACTED
Wed Apr 23 23:16:27 CEST 2008
If you allow authentication and connection via the normal erlang
distribution then everything is wide open.
If you do not allow this connection (e.g. by forewall, and having a
secret cookie), and hence only allow a custom protocol then you can
control it completely. There is no "default" remote spawning over my
proposed protocol, or HTTP or...
Sean
On 23 Apr 2008, at 21:59, <maarten@REDACTED> wrote:
> That was what I was expecting (as a mechanism). This looks like
> Erlang is vey powerful but the power cannot be contained easily in
> non-closed (or non-trusted) environments.
>
> Because if I understand correctly, I'd also have to shut down the
> "default" remote spawning mechanism on the receiving side.
>
> --Maarten
>
> ---------------------------------------------------------
>
>
> From: Torbjorn Tornkvist <tobbe@REDACTED>
> Date: 4/23/08 20:49Subject: Re: [erlang-questions] Securing
> remote spawning
>
>
> Couldn't the ssh lib be used in order to do authenticated rpc calls ?
>
> --Tobbe
>
>
> Matthias Lang wrote:
>> Sean Hinde writes:
>>
>>> It is very easy to roll your own RPC:
>>>
>>> call(Sock, M,F,A) ->
>>> gen_tcp:send(Sock, erlang:term_to_binary(M,F,A)).
>>>
>>> Then at the other end:
>>>
>>> receive
>>> {tcp, Sock, Data} ->
>>> case erlang:term_to_binary(Data) of
>>> {M, F, A} when is_list(A) ->
>>> case lists:member({M,F,length(A)}, Allowed_funcs) of
>>> true ->
>>> apply(M,F,A);
>>> false ->
>>> ignore
>>> end;
>>> _ -> ignore
>>> end
>>>
>>> etc
>>
>> This example illustrates the general idea, and you can (and should!)
>> robustify it in practice if you want to deal with potentially
>> malicious clients.
>>
>> A starting point would be to eliminate binary_to_term/1 (which is
>> what
>> Sean meant to write in the 'receive' above, where he wrote
>> 'term_to_binary'). binary_to_term/1 is too general and too
>> powerful. Not only can a client launch a DOS attack using it (by
>> overflowing the atom table), but there have been quite a few examples
>> of how to crash the emulator with it:
>>
>> http://www.erlang.org/pipermail/erlang-questions/2001-June/003332.html
>> http://www.erlang.org/pipermail/erlang-questions/2006-February/018901.html
>> http://www.erlang.org/pipermail/erlang-bugs/2008-February/
>> 000634.html
>>
>> Matt
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-questions
More information about the erlang-questions
mailing list