aboutsummaryrefslogtreecommitdiffstats
path: root/erts/doc/src/erl.xml
diff options
context:
space:
mode:
Diffstat (limited to 'erts/doc/src/erl.xml')
-rw-r--r--erts/doc/src/erl.xml62
1 files changed, 41 insertions, 21 deletions
diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml
index e1aa5ce76e..638e88ca31 100644
--- a/erts/doc/src/erl.xml
+++ b/erts/doc/src/erl.xml
@@ -379,6 +379,16 @@
<c><![CDATA[Host]]></c> is the fully qualified host name of the
current host. For short names, use flag <c><![CDATA[-sname]]></c>
instead.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ </p>
+ </warning>
</item>
<tag><c><![CDATA[-noinput]]></c></tag>
<item>
@@ -428,12 +438,17 @@
</item>
<tag><c><![CDATA[-proto_dist Proto]]></c></tag>
<item>
+ <marker id="proto_dist"/>
<p>Specifies a protocol for Erlang distribution:</p>
<taglist>
<tag><c>inet_tcp</c></tag>
<item>TCP over IPv4 (the default)</item>
<tag><c>inet_tls</c></tag>
- <item>Distribution over TLS/SSL</item>
+ <item>Distribution over TLS/SSL, See the
+ <seealso marker="ssl:ssl_distribution">
+ Using SSL for Erlang Distribution</seealso> User's Guide
+ for details on how to setup a secure distributed node.
+ </item>
<tag><c>inet6_tcp</c></tag>
<item>TCP over IPv6</item>
</taglist>
@@ -497,6 +512,16 @@
exist between nodes running with flag <c><![CDATA[-sname]]></c>
and those running with flag <c><![CDATA[-name]]></c>, as node
names must be unique in distributed Erlang systems.</p>
+ <warning>
+ <p>
+ Starting a distributed node without also specifying
+ <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+ will expose the node to attacks that may give the attacker
+ complete access to the node and in extension the cluster.
+ When using un-secure distributed nodes, make sure that the
+ network is configured to keep potential attackers out.
+ </p>
+ </warning>
</item>
<tag><marker id="start_epmd"/><c>-start_epmd true | false</c></tag>
<item>
@@ -1528,32 +1553,27 @@
<item>
<p><em>Unix systems</em>: This variable gives the number of seconds
that the emulator is allowed to spend writing a crash dump. When the
- given number of seconds have elapsed, the emulator is terminated by a
- <c>SIGALRM</c> signal.</p>
- <p>If the variable is <em>not</em> set or set to <c>0</c> seconds
- (<c><![CDATA[ERL_CRASH_DUMP_SECONDS=0]]></c>), the runtime system does
- not even attempt to write the crash dump file. It only terminates.</p>
- <p>If the variable is set to negative value, such as
- <c><![CDATA[ERL_CRASH_DUMP_SECONDS=-1]]></c>, the runtime system
- waits indefinitely for the crash dump file to be written.</p>
- <p>This variable is used with <seealso marker="kernel:heart">
- <c>heart(3)</c></seealso> if <c>heart</c> is running:</p>
+ given number of seconds have elapsed, the emulator is terminated.</p>
<taglist>
<tag><c><![CDATA[ERL_CRASH_DUMP_SECONDS=0]]></c></tag>
- <item>Suppresses the writing a crash dump file entirely, thus
- rebooting the runtime system immediately. This is the same as not
- setting the environment variable.
+ <item>If the variable is set to <c>0</c> seconds, the runtime system does
+ not even attempt to write the crash dump file. It only terminates.
+ This is the default if option <c>-heart</c> is passed to <c>erl</c>
+ and <c>ERL_CRASH_DUMP_SECONDS</c> is not set.
+ </item>
+ <tag><c><![CDATA[ERL_CRASH_DUMP_SECONDS=S]]></c></tag>
+ <item>If the variable is set to a positive value <c>S</c>,
+ wait for <c>S</c> seconds to complete the crash dump file and
+ then terminates the runtime system with a <c>SIGALRM</c> signal.
</item>
<tag><c><![CDATA[ERL_CRASH_DUMP_SECONDS=-1]]></c></tag>
- <item>Setting the environment variable to a negative value causes the
- termination of the runtime system to wait until the crash dump file
- has been completly written.
- </item>
- <tag><c><![CDATA[ERL_CRASH_DUMP_SECONDS=S]]></c></tag>
- <item>Waits for <c>S</c> seconds to complete the crash dump file and
- then terminates the runtime system.
+ <item>A negative value causes the termination of the runtime system
+ to wait indefinitely until the crash dump file has been completly
+ written. This is the default if option <c>-heart</c> is <em>not</em>
+ passed to <c>erl</c> and <c>ERL_CRASH_DUMP_SECONDS</c> is not set.
</item>
</taglist>
+ <p>See also <seealso marker="kernel:heart"><c>heart(3)</c></seealso>.</p>
</item>
<tag><c><![CDATA[ERL_CRASH_DUMP_BYTES]]></c></tag>
<item>