[erlang-questions] Right direction ?
Robert Virding
robert.virding@REDACTED
Thu Sep 29 17:49:01 CEST 2011
----- Original Message -----
> On Wed, Sep 28, 2011 at 6:28 AM, Joe Armstrong < erlang@REDACTED >
> wrote:
> > 3) Some programs (actually any program) evaluates the BIF
>
> > erlang:load_module(Mod, Bin)
>
> I'm curious, this looks like one place in the entire system that I'd
> love to keep an active trace log of over time. Since we can load
> arbitrary byte code here, it is the most likely place for abuse
> (both good and bad).
> This makes me feel like it might be a half decent idea to implement
> http_code_server.erl that uses erlang:load_module(Mod,Bin) to
> directly load modules from remote sites, and leave code_server.erl
> alone for the time being. This way, my default erlang can be "as
> secure as it ever was" and I can introduce all sorts of horrific
> hacks at this layer.
If you intend that http_code_server to run instead of code_server.erl or together with it? If together then it probably be better if http_code_server used code_server to do the actual code management in the node; having to code servers will definitely lead to trouble.
> I would still want to extend the module syntax with the -location()
> bit, but have it fall back to the http_code_server for loading.
> Thoughts?
> Dave
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20110929/6e57af5d/attachment.htm>
More information about the erlang-questions
mailing list