[erlang-questions] Erlang offensive paper
Thu Jun 2 00:26:56 CEST 2016
In fairness, should we ever rely on the underlying virtual machine to be
secure for any platform? If you were coding a *ahem* NodeJS app, would you
rely on its security?
Personally, I implement security for the messaging, be it HTTP or sockets
etc., and implement safeguards around that VM through other technologies.
In fact, I even proxy my HTTP / sockets.
On Thu, Jun 2, 2016 at 10:18 AM, Richard A. O'Keefe <ok@REDACTED>
> A rough summary:
> - The underlying C code can be attacked through Erlang.
>   * Avoid NIFs if you can.
> - The default distribution machinery has weak security.
>   * Search the archives for alternative distribution methods,
>     e.g., TLS
> - Secrets can leak out through the OS and attacks can leak in.
>   * Can dumps be routed to another machine, through TLS?
>   * Limit use of external commands.
>
> Whatever happened to Laurie Brown's work on "Safe Erlang"?
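
The quoted summary's suggestion of TLS as an alternative distribution method, shown as an added configuration example that is not part of the original thread or the paper under discussion. The file name, node name and all `/etc/myapp/...` paths are placeholders; the `-ssl_dist_optfile` flag assumes OTP 20.2 or later, which postdates this thread.

```erlang
%% ssl_dist.conf (constructed example; every path below is a placeholder)
%%
%% Start each node with:
%%   erl -name node1@host.example \
%%       -proto_dist inet_tls \
%%       -ssl_dist_optfile /etc/myapp/ssl_dist.conf
%%
%% Without "-proto_dist inet_tls" the distribution channel is plain TCP
%% and the shared cookie is the only thing standing between a remote
%% peer and full control of the node.
[
 %% Options applied when this node ACCEPTS a distribution connection.
 {server, [
   {cacertfile, "/etc/myapp/cluster-ca.pem"},
   {certfile,   "/etc/myapp/node-cert.pem"},
   {keyfile,    "/etc/myapp/node-key.pem"},
   %% Require the connecting node to present a certificate that
   %% chains to cluster-ca.pem; reject it otherwise.
   {verify, verify_peer},
   {fail_if_no_peer_cert, true}
 ]},

 %% Options applied when this node INITIATES a distribution connection.
 {client, [
   {cacertfile, "/etc/myapp/cluster-ca.pem"},
   {certfile,   "/etc/myapp/node-cert.pem"},
   {keyfile,    "/etc/myapp/node-key.pem"},
   %% Verify the remote node's certificate before sending anything.
   {verify, verify_peer}
 ]}
].
```

With `verify_peer` on both sides, any holder of a certificate signed by the configured CA can join, so the CA should be dedicated to the cluster rather than a general-purpose one. The cookie is still required, and epmd lookups remain unencrypted.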