[erlang-questions] Remote "access" points

Calum <>
Wed Nov 18 14:38:16 CET 2009


On Wed, Nov 18, 2009 at 10:14 AM, Roberto Aloi
<> wrote:
>
> I'm not sure you're heading to the right direction. I mean, tweaking the core code, identifying all entry points...
> What are you trying to do exactly?

I am trying to modify Erlang so that remote nodes can't just run
anything they like on other nodes.
My plan is to identify the points at which the request to run a
function enters the local node, and check if it is calling something
in a module called "public".
This would then allow the node owner to know what was being exposed,
because if it wasn't in a module called public, it wouldn't be
runnable.

>> Another thing - putting a debug io:format doesn't seem to be a good
>> way to debug which functions are being hit - is there a better way?
> I would suggest you to have a look to the dbg documentation:
>
> http://erlang.org/doc/man/dbg.html
>
> A simple tutorial from my blog:
> http://aloiroberto.wordpress.com/2009/02/23/tracing-erlang-functions/

Thanks - I'll have a look at that.

>> Someone also mentioned that when you obtained a Pid from a spawn, you
>> can do other things with it? Could someone explain what you can do
>> with it?
> Try to have a look to the concurrent programming section from the erlang.org website:
> http://erlang.org/course/concurrent_programming.html

I know that you can use it to send messages to the process it was returned from.
What I'm curious about is is whether it can be subverted in any way?

Let's say I've written a function called public:foo that just listens
for messages, and does something simple.
If I run Pid = spawn(SomeNode, public, foo, []). is there any way to
abuse/manipulate the returned Pid to be able to do other things on
SomeNode that aren't part of public:foo.

Someone mentioned something called rex - but I didn't understand what
part that played.

> Also, here's explained the structure of an Erlang Pid:
> http://stackoverflow.com/questions/243363/can-someone-explain-the-structure-of-a-pid-in-erlang

I'll have a look at that after work - thanks.

C


More information about the erlang-questions mailing list