A less trusting Erlang.

Calum caluml@REDACTED
Sun Oct 11 23:55:11 CEST 2009

Hello all,

I am an Erlang beginner, although I've been dipping in and out of it
for a while.

I'd like to use Erlang, and the built-in distributed meshing effect of
it to build a sort of IRC-plus distributed storage/messaging system
platform, of which each node would run the Erlang app.
However, I'd like to use avoid using lib_chan if possible, and just
use the native Erlang connectivity/distribution mechanisms.

The big problem then is that Erlang is way too trusting for connecting
to random people in the default
if-you-know-my-cookie-you-can-do-whatever-you-like mode.

The obvious thing (to me anyway) would be to limit the calls that
remote nodes can make - Erlang Untrusting, if you will, or Paranoid

Would it be possible to patch the core libraries that "accept/receive"
the spawn requests, and check them against a list of "allowed"
For example, if erl was run with the -paranoid parameter, it would
only allow calls which are listed in .erlang.allowed to be made from
remote nodes. Such a file might look like public:*, mystuff:another/1,
etc etc.

Would it require patching and recompiling of the source to Erlang, or
could the "receive" function be "overwritten" from the

Is this approach one that could work? Are there sufficiently few
places that could be restricted to make this solution secure? How much
of a patch would this be, or are there too many places to be able to
secure it with any degree of confidence?

And even if these restrictions were in place, would it provide a
high-enough level of security to prevent ne'er-do-wells doing things
like drain resources, insert code somehow, etc? Or would it be too
hard to prevent people passing in Funs, or doing other unexpected

Hoping some Erlang heavyweights can provide some thoughts onto this
approach, and give some feedback on this idea.


PS. Apologies if this functionality already exists somewhere.

More information about the erlang-questions mailing list