Distributed Erlang Security

Martin Carlson-2
Are there any provisions for code security in Erlang?  To make this
question concrete, suppose I implemented a Gnutella-like system in
Erlang.  Every user now runs an Erlang node.  Suppose one of the users is
malicious; could they execute arbitrary code on the other user's
machines?  Is there any way to use Erlang with untrusted users?

Charles



Lon Willett
Hi,

At 19:53 15/01/01, Charles Martin wrote:
>Are there any provisions for code security in Erlang?  To make this question concrete, suppose I implemented a Gnutella-like system in Erlang.  Every user now runs an Erlang node.  Suppose one of the users is malicious; could they execute arbitrary code on the other user's machines?  Is there any way to use Erlang with untrusted users?
>
>Charles

In brief: no, yes, and no.  Currently, Erlang/OTP has very little built-in security of any sort.  I'm trying to put together a basic method of securing the communications layer at the moment, but this still wouldn't answer your needs.

What you want is the Safe Erlang project (http://www.ericsson.se/cslab/~dan/proj/safeerlang).  But I don't think that it is ready to fly yet, and you're likely to run into some other limitations of OTP for this type of application.  So you're pretty much stuck with using TCP or UDP sockets and defining the protocol yourself.  Note however that term_to_binary and binary_to_term can be very handy when you're willing to stick to strictly Erlang implementations of your protocol.  In that case, it's not _too_ painful to implement, despite not being as convenient as using the built-in communication facility.

/Lon
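
Added example, not part of the original post: one way to receive term_to_binary-encoded messages from an untrusted peer over your own socket protocol. The module name, frame size limit and message shapes are assumptions made for illustration; the `safe` option of binary_to_term/2 is available in current Erlang/OTP releases.

```erlang
-module(peer_proto).
-export([encode/1, decode/1, demo/0]).

%% Assumed upper bound for one received frame; choose one that fits the protocol.
-define(MAX_FRAME, 65536).

%% Sender side: protocol messages are plain Erlang terms.
encode(Msg) -> term_to_binary(Msg).

%% Receiver side: Bin is one complete frame read from the socket.
decode(Bin) when is_binary(Bin), byte_size(Bin) =< ?MAX_FRAME ->
    %% With [safe], decoding fails with badarg instead of creating new atoms
    %% or new external fun references. It does not check what the term means,
    %% so the decoded term is still validated below.
    try binary_to_term(Bin, [safe]) of
        Term -> validate(Term)
    catch
        error:badarg -> {error, bad_term}
    end;
decode(_) ->
    {error, bad_frame}.

%% Accept only the message shapes the protocol defines (hypothetical set).
validate({ping, N}) when is_integer(N), N >= 0 ->
    {ok, {ping, N}};
validate({search, Id, Text}) when is_integer(Id), is_binary(Text),
                                   byte_size(Text) =< 256 ->
    {ok, {search, Id, Text}};
validate(_) ->
    {error, unexpected_message}.

%% Constructed sample inputs: two well-formed messages, two terms outside the
%% protocol, a hand-built external-format atom this node has never seen,
%% bytes that are not a term at all, and an oversized frame.
demo() ->
    Name = <<"zz_never_seen_atom_91827">>,
    UnknownAtom = <<131, 100, (byte_size(Name)):16, Name/binary>>,
    Inputs = [encode({ping, 1}),
              encode({search, 7, <<"erlang">>}),
              encode({ping, -1}),
              encode([1, 2, 3]),
              UnknownAtom,
              <<1, 2, 3>>,
              binary:copy(<<0>>, ?MAX_FRAME + 1)],
    [decode(B) || B <- Inputs].
```

Calling `peer_proto:demo()` in a shell returns the decode result for each constructed input in order.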



Francesco Cesarini
In reply to this post by Martin Carlson-2
Have you looked at the net kernel? It is an Erlang process which
coordinates operations in a distributed Erlang node. BIFs dealing with
distribution (such as spawn) are converted into messages on the
originating node and sent to the net kernel on its peer. It will also
handle authentication and reject or accept messages.

You can change the net kernel with a user-defined process and do things
such as

* change the authentication scheme
* allow messages to be sent only to a specific registered process
* block spawning of processes
* etc.

There are probably many issues I have not covered, but hopefully the
above should get you going on the right track.

Regards,
Francesco

Charles Martin wrote:
>
> Are there any provisions for code security in Erlang?  To make this
> question concrete, suppose I implemented a Gnutella-like system in
> Erlang.  Every user now runs an Erlang node.  Suppose one of the users is
> malicious; could they execute arbitrary code on the other user's
> machines?  Is there any way to use Erlang with untrusted users?
>
> Charles

--
Francesco Cesarini

Erlang/OTP consultant
Cellular: INT+44-7776 250381
ECN: 832-707192
http://welcome.to/cesarini.consulting