A security vulnerability in the SSH application has recently been
discovered and fixed (thanks to Geoff Cant!). This fix is included in
R14B03, which is why you should consider upgrading if you use SSH. A
detailed description can be found via http://www.cert.org/. Search for
Vulnerability Note - VU#178990 (should be published soon).
On Wed, May 25, 2011 at 04:41:44PM +0200, Ulf Wiger wrote:
> Reading "OTP-9214 epmd: include host address in local access check"
> I recall that I submitted a patch last year that did something similar to this, but (if I understand right) seems more generic.
> http://erlang.org/pipermail/erlang-patches/2010-May/001041.html
> "Allow the erlang nodename host part to differ from the hostname"
> It stalled because I didn't submit docs and test cases, which I didn't because there was never any feedback from anyone, nor any replies to my queries about how it might be tested and documented.
> So here goes again: is my patch made redundant by this recent fix? Are they incompatible? Orthogonal? Would it still be interesting to complete the previous patch?
The patches don't overlap. At some point, epmd was restricted to accept
certain commands (like registration, stopping epmd) only from connections
on the loopback. This patch relaxes the check to consider connections
with the same source and destination addresses as local.
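
The relaxed check described in the reply above, sketched in C as an added example (not epmd's own code and not from this thread). The function names `conn_is_local`, `fd_is_local` and `check4` are hypothetical, and treating a loopback source address as "on the loopback" is an assumption.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: 1 if the connection counts as local, else 0.
 * peer = source address of the connection, self = destination address. */
int conn_is_local(const struct sockaddr *peer, const struct sockaddr *self)
{
    if (peer->sa_family != self->sa_family)
        return 0;
    if (peer->sa_family == AF_INET) {
        const struct sockaddr_in *p = (const struct sockaddr_in *)peer;
        const struct sockaddr_in *s = (const struct sockaddr_in *)self;
        if ((ntohl(p->sin_addr.s_addr) >> 24) == 127)   /* 127.0.0.0/8 */
            return 1;
        /* Relaxed rule: source equals destination, so the client is on this host. */
        return p->sin_addr.s_addr == s->sin_addr.s_addr;
    }
    if (peer->sa_family == AF_INET6) {
        const struct sockaddr_in6 *p = (const struct sockaddr_in6 *)peer;
        const struct sockaddr_in6 *s = (const struct sockaddr_in6 *)self;
        return IN6_IS_ADDR_LOOPBACK(&p->sin6_addr) ||
               memcmp(&p->sin6_addr, &s->sin6_addr, sizeof p->sin6_addr) == 0;
    }
    return 0;   /* unknown address family: treat as remote */
}

/* Apply the check to a connected socket; any lookup failure means "not local". */
int fd_is_local(int fd)
{
    struct sockaddr_storage peer, self;
    socklen_t plen = sizeof peer, slen = sizeof self;
    if (getpeername(fd, (struct sockaddr *)&peer, &plen) != 0 ||
        getsockname(fd, (struct sockaddr *)&self, &slen) != 0)
        return 0;
    return conn_is_local((struct sockaddr *)&peer, (struct sockaddr *)&self);
}

/* Usage helper with constructed IPv4 strings; returns -1 on a parse error. */
int check4(const char *src, const char *dst)
{
    struct sockaddr_in p, s;
    memset(&p, 0, sizeof p); memset(&s, 0, sizeof s);
    p.sin_family = s.sin_family = AF_INET;
    if (inet_pton(AF_INET, src, &p.sin_addr) != 1 ||
        inet_pton(AF_INET, dst, &s.sin_addr) != 1)
        return -1;
    return conn_is_local((struct sockaddr *)&p, (struct sockaddr *)&s);
}
```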