[erlang-questions] Right direction ?

David Goehrig dave@REDACTED
Thu Sep 29 15:18:51 CEST 2011


On Wed, Sep 28, 2011 at 6:28 AM, Joe Armstrong <erlang@REDACTED> wrote:

3) Some programs (actually any program) evaluates the BIF
>
>    erlang:load_module(Mod, Bin)
>
>
I'm curious, this looks like one place in the entire system that I'd love to
keep an active trace log of over time.  Since we can load arbitrary byte
code here, it is the most likely place for abuse (both good and bad).

This makes me feel like it might be a half decent idea to implement
http_code_server.erl that uses erlang:load_module(Mod,Bin) to directly load
modules from remote sites, and leave code_server.erl alone for the time
being.  This way, my default erlang can be "as secure as it ever was" and I
can introduce all sorts of horrific hacks at this layer.

I would still want to extend the module syntax with the -location() bit, but
have it fall back to the http_code_server for loading.

Thoughts?

Dave

-- 
-=-=-=-=-=-=-=-=-=-=- http://blog.dloh.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110929/22921213/attachment.htm>


More information about the erlang-questions mailing list