[erlang-questions] Erlang offensive paper
Eric des Courtis
Eric.desCourtis@REDACTED
Wed Jun 1 15:51:43 CEST 2016
It would be nice if BEAM could address these issues (not Erlang) so that new,
more secure languages could be implemented on the BEAM.
I think it will be done sooner or later. The sooner the better IMO if BEAM
is to remain relevant in the long term.
On Wed, Jun 1, 2016 at 7:32 AM, Nathaniel Waisbrot <nathaniel@REDACTED>
wrote:
> Does anyone know if there is anything in the works or proposed around the
> "If someone gets inside the network, the cookie is the only protection
> left" situation?
>
>
>
> Yes: use SSL for distribution and to talk to other services.
> http://erlang.org/doc/apps/ssl/ssl_distribution.html
>
> This assumes that by "inside the network" you mean past the
> firewall/gateway/NAT. But you could also view this as using encryption to
> build an inner network that just contains your Erlang nodes. Once you're
> inside *that* network things are still open.
>
> The author suggests that since the BEAM is an OS you might want all the
> access controls that a full OS offers. This would (e.g.) allow some people
> to launch processes and kill the process that they'd launched, but only
> some root user could terminate the Cowboy application. This would take an
> enormous amount of work and there are other ways of getting the same
> effect, so I can't imagine this happening.
>
> What you should do is understand that a network of Erlang nodes behaves
> (as much as possible) like a single node. If you don't trust a remote node,
> do not link with it under any circumstances. If you want to allow trusted
> and untrusted code to interoperate, you need to write your own
> communication layer for them.
>
>
> Finally, to get the security model of all the other languages that I'm
> aware of, you can disable distribution.
>
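The TLS distribution setup suggested in the quoted reply, as an added example that is not part of the original thread: an options file for `-ssl_dist_optfile` in which both sides verify the peer certificate. The file paths, the node name and the private cluster CA are placeholders, and it assumes an OTP release that supports `-ssl_dist_optfile`.

```erlang
%% ssl_dist.conf: added example; all paths below are placeholders.
%%
%% Start each node with:
%%   erl -proto_dist inet_tls \
%%       -ssl_dist_optfile "/etc/myapp/ssl_dist.conf" \
%%       -sname node_a
%%
%% Without verify_peer on both sides, TLS only encrypts the link: any host
%% that can reach the distribution port and knows the cookie can still join.
%% With the settings below a peer must also hold a certificate issued by
%% the private CA named in cacertfile.
[{server,
  [{certfile,   "/etc/myapp/tls/node.pem"},     % this node's certificate
   {keyfile,    "/etc/myapp/tls/node.key"},
   {cacertfile, "/etc/myapp/tls/cluster-ca.pem"},
   {verify, verify_peer},                       % check the connecting node
   {fail_if_no_peer_cert, true},                % reject clients with no cert
   {secure_renegotiate, true}]},
 {client,
  [{certfile,   "/etc/myapp/tls/node.pem"},
   {keyfile,    "/etc/myapp/tls/node.key"},
   {cacertfile, "/etc/myapp/tls/cluster-ca.pem"},
   {verify, verify_peer},                       % check the node we dial
   {secure_renegotiate, true}]}].
```

As the reply points out, every node admitted this way is still fully trusted by the others; the certificate check only decides who gets in.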