[erlang-questions] Right direction ?

Robert Virding
Thu Sep 29 17:49:01 CEST 2011


----- Original Message -----

> On Wed, Sep 28, 2011 at 6:28 AM, Joe Armstrong wrote:

> > 3) Some programs (actually any program) evaluate the BIF
> >
> > erlang:load_module(Mod, Bin)

> I'm curious, this looks like one place in the entire system that I'd
> love to keep an active trace log of over time. Since we can load
> arbitrary byte code here, it is the most likely place for abuse
> (both good and bad).

> This makes me feel like it might be a half decent idea to implement
> http_code_server.erl that uses erlang:load_module(Mod,Bin) to
> directly load modules from remote sites, and leave code_server.erl
> alone for the time being. This way, my default erlang can be "as
> secure as it ever was" and I can introduce all sorts of horrific
> hacks at this layer.
Do you intend http_code_server to run instead of code_server.erl or together with it? If together, then it would probably be better if http_code_server used code_server to do the actual code management in the node; having two code servers will definitely lead to trouble.

> I would still want to extend the module syntax with the -location()
> bit, but have it fall back to the http_code_server for loading.

> Thoughts?

> Dave
Robert 
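
Added example, not part of the thread or of Erlang/OTP: one way to keep the trace log of `erlang:load_module/2` calls that Dave describes, using the runtime's call tracing. The module name `load_trace` and the log line format are hypothetical; it assumes the `crypto` module is available and that no other tracer is attached to the node's processes, and it only sees loads that go through `erlang:load_module/2`.

```erlang
-module(load_trace).
-export([start/0, stop/0, entry/3]).

%% Hypothetical audit process: logs who loaded which module, plus a
%% digest of the object code so a later review can compare it with
%% known-good builds.

start() ->
    Pid = spawn(fun init/0),
    register(?MODULE, Pid),
    Pid.

stop() ->
    %% Tracing set up by the tracer is cleared when it exits.
    ?MODULE ! stop,
    ok.

init() ->
    %% Match every call to the BIF named in the thread.
    erlang:trace_pattern({erlang, load_module, 2}, true, []),
    %% Trace calls in all current and future processes; this process
    %% becomes the tracer and receives the trace messages.
    erlang:trace(all, true, [call, timestamp]),
    loop().

loop() ->
    receive
        {trace_ts, Caller, call, {erlang, load_module, [Mod, Bin]}, _Ts}
          when is_atom(Mod), is_binary(Bin) ->
            error_logger:info_msg("~s~n", [entry(Caller, Mod, Bin)]),
            loop();
        stop ->
            ok;
        _Other ->
            loop()
    end.

%% Build one log line. Only the size and SHA-256 of the code are kept,
%% not the code itself.
entry(Caller, Mod, Bin) ->
    Digest = crypto:hash(sha256, Bin),
    Hex = [io_lib:format("~2.16.0b", [B]) || <<B>> <= Digest],
    lists:flatten(
      io_lib:format("load_module mod=~p bytes=~p sha256=~s caller=~p",
                    [Mod, byte_size(Bin), Hex, Caller])).
```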