[erlang-questions] A less trusting Erlang.

Yogish Baliga yogishb@REDACTED
Wed Oct 14 18:25:38 CEST 2009


We are using Erlang across a data center boundary. We are using proto_dist as inet_ssl for communication between Erlang nodes. We are also using the min and max port setup provided by inet to limit the communication to a specific set of ports.

On each physical box, we have set up an iptables-based firewall.

-- baliga
 
"Point of view is worth 80 IQ points" --Alan Kay

http://dudefrommangalore.blogspot.com/
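The setup described above (TLS distribution, a pinned port window, a host firewall) as an added shell example that is not part of this thread. It assumes constructed values: a peer network of 10.20.0.0/16, a port window of 9100-9105 and an option file at /etc/erlang/ssl_dist.conf; note that the inet_ssl name used in the post was replaced by inet_tls in later OTP releases, which reads its TLS settings from -ssl_dist_optfile.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Values below are constructed.

# Print the erl flags that pin distribution to a port window and select TLS
# distribution (inet_tls is the current name of what the post calls inet_ssl).
erl_dist_flags() {
    min="$1"; max="$2"; optfile="$3"
    printf '%s %s %s\n' \
        "-proto_dist inet_tls -ssl_dist_optfile $optfile" \
        "-kernel inet_dist_listen_min $min" \
        "inet_dist_listen_max $max"
}

# Emit iptables rules that let only the peer network reach epmd (4369) and the
# distribution window, and drop everyone else for those ports. The rules are
# printed, not applied; review them, then pipe into sh on the host.
erl_dist_rules() {
    peer="$1"; min="$2"; max="$3"
    if [ "$min" -gt "$max" ] || [ "$min" -lt 1 ] || [ "$max" -gt 65535 ]; then
        echo "bad port window $min-$max" >&2
        return 1
    fi
    printf 'iptables -A INPUT -p tcp -s %s --dport 4369 -j ACCEPT\n' "$peer"
    printf 'iptables -A INPUT -p tcp -s %s --dport %s:%s -j ACCEPT\n' "$peer" "$min" "$max"
    printf 'iptables -A INPUT -p tcp --dport 4369 -j DROP\n'
    printf 'iptables -A INPUT -p tcp --dport %s:%s -j DROP\n' "$min" "$max"
}

# Usage with the constructed values: the flags go on the erl command line of
# every node, the rules on each box's INPUT chain.
erl_dist_flags 9100 9105 /etc/erlang/ssl_dist.conf
erl_dist_rules 10.20.0.0/16 9100 9105
```

The window must be the same on every node and wide enough for the number of nodes each box runs, since each distributed node takes one listen port from it.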

________________________________
From: Calum <caluml@REDACTED>
To: erlang-questions@REDACTED
Sent: Sun, October 11, 2009 2:55:11 PM
Subject: [erlang-questions] A less trusting Erlang.

Hello all,

I am an Erlang beginner, although I've been dipping in and out of it
for a while.

I'd like to use Erlang, and the built-in distributed meshing effect of
it to build a sort of IRC-plus distributed storage/messaging system
platform, of which each node would run the Erlang app.
However, I'd like to avoid using lib_chan if possible, and just
use the native Erlang connectivity/distribution mechanisms.

The big problem then is that Erlang is way too trusting for connecting
to random people in the default
if-you-know-my-cookie-you-can-do-whatever-you-like mode.

The obvious thing (to me anyway) would be to limit the calls that
remote nodes can make - Erlang Untrusting, if you will, or Paranoid
Erlang.

Would it be possible to patch the core libraries that "accept/receive"
the spawn requests, and check them against a list of "allowed"
functions?
For example, if erl was run with the -paranoid parameter, it would
only allow calls which are listed in .erlang.allowed to be made from
remote nodes. Such a file might look like public:*, mystuff:another/1,
etc etc.

Would it require patching and recompiling of the source to Erlang, or
could the "receive" function be "overwritten" from the
shell/programmatically?

Is this approach one that could work? Are there sufficiently few
places that could be restricted to make this solution secure? How much
of a patch would this be, or are there too many places to be able to
secure it with any degree of confidence?

And even if these restrictions were in place, would it provide a
high-enough level of security to prevent ne'er-do-wells doing things
like draining resources, inserting code somehow, etc.? Or would it be too
hard to prevent people passing in Funs, or doing other unexpected
things?

Hoping some Erlang heavyweights can provide some thoughts on this
approach, and give some feedback on this idea.

C

PS. Apologies if this functionality already exists somewhere.

________________________________________________________________
erlang-questions mailing list. See http://www.erlang.org/faq.html
erlang-questions (at) erlang.org