From 30f4fc6963e5793368713897f32afd2172dc1578 Mon Sep 17 00:00:00 2001 From: Lukas Larsson Date: Thu, 18 May 2017 16:11:11 +0200 Subject: otp: Extend secure distribution docs warnings Warnings have been added to the relevant documentation about not using un-secure distributed nodes in exposed environments. --- erts/doc/src/erl.xml | 27 ++++++++++++++++++++++++++- erts/doc/src/erl_dist_protocol.xml | 11 +++++++++++ lib/kernel/doc/src/net_kernel.xml | 13 +++++++++++++ system/doc/getting_started/conc_prog.xml | 4 ++-- system/doc/reference_manual/distributed.xml | 13 +++++++++++++ 5 files changed, 65 insertions(+), 3 deletions(-) diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml index e1aa5ce76e..8b152b83f5 100644 --- a/erts/doc/src/erl.xml +++ b/erts/doc/src/erl.xml @@ -379,6 +379,16 @@ is the fully qualified host name of the current host. For short names, use flag instead.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. +

+ @@ -428,12 +438,17 @@ +

Specifies a protocol for Erlang distribution:

inet_tcp TCP over IPv4 (the default) inet_tls - Distribution over TLS/SSL + Distribution over TLS/SSL, See the + + Using SSL for Erlang Distribution User's Guide + for details on how to setup a secure distributed node. + inet6_tcp TCP over IPv6 @@ -497,6 +512,16 @@ exist between nodes running with flag and those running with flag , as node names must be unique in distributed Erlang systems.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. +

+ -start_epmd true | false diff --git a/erts/doc/src/erl_dist_protocol.xml b/erts/doc/src/erl_dist_protocol.xml index ee74983730..8391408a2e 100644 --- a/erts/doc/src/erl_dist_protocol.xml +++ b/erts/doc/src/erl_dist_protocol.xml @@ -70,6 +70,17 @@

The integers in all multibyte fields are in big-endian order.

+ +

+ The Erlang Distribution protocol is not by itself secure and does not + aim to be so. In order to get secure distribution the distributed nodes + should be configured to use distribution over tls. + See the + Using SSL for Erlang Distribution User's Guide + for details on how to setup a secure distributed node. +

+ +
EPMD Protocol

The requests served by the EPMD are summarized in the following diff --git a/lib/kernel/doc/src/net_kernel.xml b/lib/kernel/doc/src/net_kernel.xml index 4e2b0c69db..7ddb849824 100644 --- a/lib/kernel/doc/src/net_kernel.xml +++ b/lib/kernel/doc/src/net_kernel.xml @@ -64,6 +64,19 @@ $ erl -sname foobar by the magic cookie system, see section Distributed Erlang in the Erlang Reference Manual.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. + See the + Using SSL for Erlang Distribution User's Guide + for details on how to setup a secure distributed node. +

+ diff --git a/system/doc/getting_started/conc_prog.xml b/system/doc/getting_started/conc_prog.xml index f3136898ad..4b19095d95 100644 --- a/system/doc/getting_started/conc_prog.xml +++ b/system/doc/getting_started/conc_prog.xml @@ -355,8 +355,8 @@ pong ! {ping, self()},

Let us rewrite the ping pong program with "ping" and "pong" on different computers. First a few things are needed to set up to get this to work. The distributed Erlang - implementation provides a basic security mechanism to prevent - unauthorized access to an Erlang system on another computer. + implementation provides a very basic authentication mechanism to prevent + unintentional access to an Erlang system on another computer. Erlang systems which talk to each other must have the same magic cookie. The easiest way to achieve this is by having a file called .erlang.cookie in your home diff --git a/system/doc/reference_manual/distributed.xml b/system/doc/reference_manual/distributed.xml index 0a4a323fe9..01d78436c5 100644 --- a/system/doc/reference_manual/distributed.xml +++ b/system/doc/reference_manual/distributed.xml @@ -42,6 +42,19 @@

The distribution mechanism is implemented using TCP/IP sockets. How to implement an alternative carrier is described in the ERTS User's Guide.

+ +

+ Starting a distributed node without also specifying + -proto_dist inet_tls + will expose the node to attacks that may give the attacker + complete access to the node and in extension the cluster. + When using un-secure distributed nodes, make sure that the + network is configured to keep potential attackers out. + See the + Using SSL for Erlang Distribution User's Guide + for details on how to setup a secure distributed node. +

+
-- cgit v1.2.3