[erlang-questions] A less trusting Erlang.
Mon Oct 12 21:46:01 CEST 2009
Could perhaps the pid generation in the VM be made more random,
therefore you can only gain access to pids that you know the name to?
This seems like an obvious (and pretty trivial) solution to obscure and
increase the security of the Erlang system.
Jim McCoy wrote:
> The problem I am seeing with this is that it is not sufficient to just
> prevent a remote node from running an apply() or calling certain
> functions, you also have to prevent it from sending messages to places
> you care about. What happens to your system if my node connects and
> then starts spraying exit signals around? This is the hard part. In
> theory a pid() should be a relatively safe unguessable number, in
> practice it is trivial to guess and there are built-in facilities to
> make this task even easier. There are at least two parts to making
> Erlang "internally secure": restricting function calls across trust
> boundaries (as you have noted) and restricting message sending across
> these same boundaries. There are probably other components necessary
> for this task, but those two jump right out as hard problems to solve.