aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Larsson <[email protected]>2017-05-18 16:11:11 +0200
committerLukas Larsson <[email protected]>2017-05-23 14:47:04 +0200
commit30f4fc6963e5793368713897f32afd2172dc1578 (patch)
tree976e2f11cc4d200f4344ec18c2ce430add4e8dc1
parent05dce0f330c83278cb134c7235a5353ce4116307 (diff)
downloadotp-30f4fc6963e5793368713897f32afd2172dc1578.tar.gz
otp-30f4fc6963e5793368713897f32afd2172dc1578.tar.bz2
otp-30f4fc6963e5793368713897f32afd2172dc1578.zip
otp: Extend secure distribution docs warnings
Warnings have been added to the relevant documentation about not using un-secure distributed nodes in exposed environments.
-rw-r--r--erts/doc/src/erl.xml27
-rw-r--r--erts/doc/src/erl_dist_protocol.xml11
-rw-r--r--lib/kernel/doc/src/net_kernel.xml13
-rw-r--r--system/doc/getting_started/conc_prog.xml4
-rw-r--r--system/doc/reference_manual/distributed.xml13
5 files changed, 65 insertions, 3 deletions
diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml
index e1aa5ce76e..8b152b83f5 100644
--- a/erts/doc/src/erl.xml
+++ b/erts/doc/src/erl.xml
@@ -379,6 +379,16 @@
<c><![CDATA[Host]]></c> is the fully qualified host name of the
current host. For short names, use flag <c><![CDATA[-sname]]></c>
instead.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ </p>
+ </warning>
</item>
<tag><c><![CDATA[-noinput]]></c></tag>
<item>
@@ -428,12 +438,17 @@
</item>
<tag><c><![CDATA[-proto_dist Proto]]></c></tag>
<item>
+ <marker id="proto_dist"/>
<p>Specifies a protocol for Erlang distribution:</p>
<taglist>
<tag><c>inet_tcp</c></tag>
<item>TCP over IPv4 (the default)</item>
<tag><c>inet_tls</c></tag>
- <item>Distribution over TLS/SSL</item>
+ <item>Distribution over TLS/SSL, See the
+ <seealso marker="ssl:ssl_distribution">
+ Using SSL for Erlang Distribution</seealso> User's Guide
+ for details on how to setup a secure distributed node.
+ </item>
<tag><c>inet6_tcp</c></tag>
<item>TCP over IPv6</item>
</taglist>
@@ -497,6 +512,16 @@
exist between nodes running with flag <c><![CDATA[-sname]]></c>
and those running with flag <c><![CDATA[-name]]></c>, as node
names must be unique in distributed Erlang systems.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ </p>
+ </warning>
</item>
<tag><marker id="start_epmd"/><c>-start_epmd true | false</c></tag>
<item>
diff --git a/erts/doc/src/erl_dist_protocol.xml b/erts/doc/src/erl_dist_protocol.xml
index ee74983730..8391408a2e 100644
--- a/erts/doc/src/erl_dist_protocol.xml
+++ b/erts/doc/src/erl_dist_protocol.xml
@@ -70,6 +70,17 @@
<p>The integers in all multibyte fields are in big-endian order.</p>
+ <warning>
+ <p>
+ The Erlang Distribution protocol is not by itself secure and does not
+ aim to be so. In order to get secure distribution the distributed nodes
+ should be configured to use distribution over tls.
+ See the <seealso marker="ssl:ssl_distribution">
+ Using SSL for Erlang Distribution</seealso> User's Guide
+ for details on how to setup a secure distributed node.
+ </p>
+ </warning>
+
<section>
<title>EPMD Protocol</title>
<p>The requests served by the EPMD are summarized in the following
diff --git a/lib/kernel/doc/src/net_kernel.xml b/lib/kernel/doc/src/net_kernel.xml
index 4e2b0c69db..7ddb849824 100644
--- a/lib/kernel/doc/src/net_kernel.xml
+++ b/lib/kernel/doc/src/net_kernel.xml
@@ -64,6 +64,19 @@ $ <input>erl -sname foobar</input></pre>
by the magic cookie system, see section
<seealso marker="doc/reference_manual:distributed">Distributed Erlang</seealso>
in the Erlang Reference Manual.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="erts:erl#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ See the <seealso marker="ssl:ssl_distribution">
+ Using SSL for Erlang Distribution</seealso> User's Guide
+ for details on how to setup a secure distributed node.
+ </p>
+ </warning>
</description>
<funcs>
diff --git a/system/doc/getting_started/conc_prog.xml b/system/doc/getting_started/conc_prog.xml
index f3136898ad..4b19095d95 100644
--- a/system/doc/getting_started/conc_prog.xml
+++ b/system/doc/getting_started/conc_prog.xml
@@ -355,8 +355,8 @@ pong ! {ping, self()},</code>
<p>Let us rewrite the ping pong program with "ping" and "pong"
on different computers. First a few things
are needed to set up to get this to work. The distributed Erlang
- implementation provides a basic security mechanism to prevent
- unauthorized access to an Erlang system on another computer.
+ implementation provides a very basic authentication mechanism to prevent
+ unintentional access to an Erlang system on another computer.
Erlang systems which talk to each other must have
the same <em>magic cookie</em>. The easiest way to achieve this
is by having a file called <c>.erlang.cookie</c> in your home
diff --git a/system/doc/reference_manual/distributed.xml b/system/doc/reference_manual/distributed.xml
index 0a4a323fe9..01d78436c5 100644
--- a/system/doc/reference_manual/distributed.xml
+++ b/system/doc/reference_manual/distributed.xml
@@ -42,6 +42,19 @@
<p>The distribution mechanism is implemented using TCP/IP sockets.
How to implement an alternative carrier is described in the
<seealso marker="erts:alt_dist">ERTS User's Guide</seealso>.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="erts:erl#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ See the <seealso marker="ssl:ssl_distribution">
+ Using SSL for Erlang Distribution</seealso> User's Guide
+ for details on how to setup a secure distributed node.
+ </p>
+ </warning>
</section>
<section>