[erlang-questions] A less trusting Erlang.

Ulf Wiger ulf.wiger@REDACTED
Wed Oct 14 17:30:58 CEST 2009


Jacob Torrey wrote:
> Ulf,
> 	If rex a required process? Is there any way to turn it off, or replace
> it with a module of my choosing? Could you please point me to a
> reference on rex, all I can find is a passing reference in erl_call.
> 
> 		Jacob

Rex is the registered name of the rpc server.

The one way I know of to turn it off is to start erlang with
erl -mode minimal


Not really sure where -mode minimal is documented, though,
but rpc is not all it turns off - you get no Distributed Erlang
at all. So I don't think that solves your problem.

You should see this as an example of how difficult it is to make
Erlang safe if you allow remote processes to send messages. Since
any message can be sent to any process, 'rex' is just the most
obvious vulnerability to exploit.

You are much better off setting up a narrow pipe and allowing
only a small set of messages. Since most communication is
wrapped inside function calls, it really isn't as limiting as
you might suspect at first.

BR,
Ulf W


> 
> Ulf Wiger wrote:
>> Jacob Torrey wrote:
>>> Could perhaps the pid generation in the VM be made more random,
>>> therefore you can only gain access to pids that you know the name to?
>>> This seems like an obvious (and pretty trivial) solution to obscure and
>>> increase the security of the Erlang system.
>> You don't even need to bother with the pids:
>>
>> {rex,Node} ! {'$gen_cast',{cast,M,F,A,user}}
>>
>> ...will allow you to execute any function on Node.
>>
>> BR,
>> Ulf W
> 


-- 
Ulf Wiger
CTO, Erlang Training & Consulting Ltd
http://www.erlang-consulting.com


More information about the erlang-questions mailing list