[erlang-questions] rpc:call to a restricted shell

Laszlo Lovei lovei.laszlo@REDACTED
Tue Dec 18 21:28:15 CET 2012

It's quite important to understand that Erlang is not a scripting language 
where your source code is interpreted and you can use the same interpreter 
as a shell. It's exactly the opposite: the shell is an interpreter (written 
in Erlang and compiled into binary code understood by the Erlang VM) that 
evaluates Erlang expressions entered at the prompt and formatting their 
results. This has a number of consequences regarding performance and 
semantics, expressions evaluated by the shell do not have the same meaning 
as code compiled into modules.

To answer your question too: the rpc server runs independently of the 
shell, and the latter may impose artificial restrictions on what it accepts 
without affecting any other part of the system.


On Tuesday, December 18, 2012 6:28:13 AM UTC+1, Son Tran-Nguyen wrote:
> Hello list,
> In one of my application, I start a restricted shell as a slave node, 
> using a callback module as follow:
> The callback module, for example, returns {false, State} for 
> gen_event:start/0 function to prevent that to be run. When tested in an 
> actual restricted shell, it is prevented as expected:
> smba:eggs esente$ erl -pa apps/*/ebin -stdlib restricted_shell 
> shell_callback
> Erlang R15B02 (erts-5.9.2) [source] [64-bit] [smp:4:4] [async-threads:0] 
> [hipe] [kernel-poll:false] [dtrace]
> Restricted Eshell V5.9.2  (abort with ^G)
> 1> gen_event:start().
> ** exception exit: restricted shell does not allow gen_event:start()
> 2> 
> However, when used in my app by making a call to the remote restricted 
> shell using rpc:call/4, the call went through:
> Args = "-stdlib restricted_shell editor_shell",
> {ok, Node} = slave:start_link(smba, editor, Args),
> {ok, Entity} = rpc:call(Node, gen_event, start, []),
> It returns Entity as a pid().
> I understand that the callback functions cannot be used to allow or 
> disallow execution of functions called from compiled code, but only 
> functions called from expressions entered at the shell prompt.
> I would like to confirm that rpc:call/4 does not enter the call into the 
> remote shell, but doing some stuffs to run the call directly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20121218/24092979/attachment.htm>

More information about the erlang-questions mailing list