[erlang-questions] Remote "access" points

Calum caluml@REDACTED
Wed Nov 18 19:27:14 CET 2009


On Wed, Nov 18, 2009 at 2:18 PM, Ulf Wiger
<ulf.wiger@REDACTED> wrote:
> That's the registered name of the rpc server.
> It is a gen_server, so it's not terribly difficult
> to figure out how to fake a request without spawning
> anything on the remote node.
>
> Try this (not on a production node!):
>
> {rex,RemoteNode} !
> {'$gen_call',{dummy_pid,dummy_ref},{call,erlang,halt,[],self()}}.
>
> If you can send a message to any process on a node, you can
> do evil things to that node in general.

But I spy the module name in there - erlang.
If I could filter the {call,erlang,halt,[],self()} part ( use the
guard =:= 'public', for instance), then that would fail too?

I do appreciate that I'm trying to do stuff that's "way above my pay
grade" in terms of Erlang, but surely all remote module:function(Args)
requests have to enter the remote node somewhere, so there must be a
finite amount of places that would need checking.
Unless in doing so, I'd end up crippling the local stuff too - that
would be a problem.

This is all basically in aid of getting a bunch of people who are
interested in learning/experimenting with Erlang together to form a
sort of public Erlang network, in a way that they could all use
resources on each other's machines, but not in a way that allows any
destructive actions - deleting files, spamming, whatever. If it's not
possible to modify Erlang to do it, a virtual machine, suitably
firewalled would be OK, as potentially could a decent chroot too.

C


More information about the erlang-questions mailing list