[erlang-questions] Process state and sensitive information
Attila Rajmund Nohl
attila.r.nohl@REDACTED
Tue Sep 2 07:53:35 CEST 2014
2014-09-01 23:10 GMT+02:00 Chris de Villiers <chrisdevilliers@REDACTED>:
[...]
> Any other suggestions how I can handle this situation? I do not want
> to start a discussion about OS level security. Lets assume someone
> gets access to the user account under which the VM runs and can attach
> to it.
If the attacker can attach to the VM, you lost. The attacker can turn
on trace and see all of your function calls with their parameters, so
you can't pass the password to any functions. The attacker can also
see all of your messages, so you can't send the password to any other
process. The attacker can even load his/her own code and replace
yours.
More information about the erlang-questions
mailing list