<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Times New Roman; font-size: 12pt; color: #000000'><hr id="zwchr"><blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;">On Wed, Sep 28, 2011 at 6:28 AM, Joe Armstrong <span dir="ltr"><<a href="mailto:erlang@gmail.com" target="_blank">erlang@gmail.com</a>></span> wrote:<div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
3) Some programs (actually any program) evaluates the BIF<br>
<br>
erlang:load_module(Mod, Bin)<br></blockquote><div><br></div><div>I'm curious, this looks like one place in the entire system that I'd love to keep an active trace log of over time. Since we can load arbitrary byte code here, it is the most likely place for abuse (both good and bad).</div>
<div><br></div><div id="DWT795">This makes me feel like it might be a half decent idea to implement http_code_server.erl that uses erlang:load_module(Mod,Bin) to directly load modules from remote sites, and leave code_server.erl alone for the time being. This way, my default erlang can be "as secure as it ever was" and I can introduce all sorts of horrific hacks at this layer.</div></div></blockquote><br>If you intend that http_code_server to run <strong>instead</strong> of code_server.erl or <span style="font-weight: bold;">together</span> with it? If together then it probably be better if http_code_server used code_server to do the actual code management in the node; having to code servers will definitely lead to trouble.<br><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div class="gmail_quote"><div></div>
<div>I would still want to extend the module syntax with the -location() bit, but have it fall back to the http_code_server for loading.</div><div><br></div><div>Thoughts?</div><div><br></div><div id="DWT796">Dave</div></div></blockquote>Robert<br><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px; color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><div class="gmail_quote"><div></div>
</div></blockquote></div></body></html>