[erlang-questions] Remote "access" points
Andrew Thompson
andrew@REDACTED
Wed Nov 18 19:32:47 CET 2009
On Wed, Nov 18, 2009 at 06:27:14PM +0000, Calum wrote:
> On Wed, Nov 18, 2009 at 2:18 PM, Ulf Wiger
> <ulf.wiger@REDACTED> wrote:
> > That's the registered name of the rpc server.
> > It is a gen_server, so it's not terribly difficult
> > to figure out how to fake a request without spawning
> > anything on the remote node.
> >
> > Try this (not on a production node!):
> >
> > {rex,RemoteNode} !
> > {'$gen_call',{dummy_pid,dummy_ref},{call,erlang,halt,[],self()}}.
> >
> > If you can send a message to any process on a node, you can
> > do evil things to that node in general.
>
> But I spy the module name in there - erlang.
> If I could filter the {call,erlang,halt,[],self()} part ( use the
> guard =:= 'public', for instance), then that would fail too?
>
But its a message not a function call? Are you proposing to filter all
messages from other nodes as well as all calls to rpc:call or spawn?
Andrew
More information about the erlang-questions
mailing list