[erlang-questions] Erlang offensive paper

[Nathaniel Waisbrot]

> Does anyone know if there is anything in the works or proposed around the "If someone gets inside the network, the cookie is the only protection left" situation?


Yes: use SSL for distribution and to talk to other services.  http://erlang.org/doc/apps/ssl/ssl_distribution.html

This assumes that by "inside the network" you mean past the firewall/gateway/NAT. But you could also view this as using encryption to build an inner network that just contains your Erlang nodes. Once you're inside *that* network things are still open.

The author suggests that since the BEAM is an OS you might want all the access controls that a full OS offers. This would (e.g.) allow some people to launch processes and kill the process that they'd launched, but only some root user could terminate the Cowboy application. This would take an enormous amount of work and there are other ways of getting the same effect, so I can't imagine this happening.

What you should do is understand that a network of Erlang nodes behaves (as much as possible) like a single node. If you don't trust a remote node, do not link with it under any circumstances. If you want to allow trusted and untrusted code to interoperate, you need to write your own communication layer for them.


Finally, to get the security model of all the other languages that I'm aware of, you can disable distribution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160601/ad9c7d7f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160601/ad9c7d7f/attachment.bin>