[erlang-questions] Erlang offensive paper
Richard A. O'Keefe
ok@REDACTED
Thu Jun 2 00:18:19 CEST 2016
A rough summary:
- The underlying C code can be attacked through Erlang.
* Avoid NIFs if you can.
- The default distribution machinery has weak security.
* Search the archives for alternative distribution methods,
e.g., TLS
- Secrets can leak out through the OS and attacks can leak in.
* Can dumps be routed to another machine, through TLS?
* Limit use of external commands.
Whatever happened to Laurie Brown's work on "Safe Erlang"?
More information about the erlang-questions
mailing list