From 30f4fc6963e5793368713897f32afd2172dc1578 Mon Sep 17 00:00:00 2001
From: Lukas Larsson <lukas@erlang.org>
Date: Thu, 18 May 2017 16:11:11 +0200
Subject: otp: Extend secure distribution docs warnings

Warnings have been added to the relevant documentation
about not using un-secure distributed nodes in exposed
environments.
---
 erts/doc/src/erl.xml               | 27 ++++++++++++++++++++++++++-
 erts/doc/src/erl_dist_protocol.xml | 11 +++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

(limited to 'erts/doc/src')

diff --git a/erts/doc/src/erl.xml b/erts/doc/src/erl.xml
index e1aa5ce76e..8b152b83f5 100644
--- a/erts/doc/src/erl.xml
+++ b/erts/doc/src/erl.xml
@@ -379,6 +379,16 @@
           <c><![CDATA[Host]]></c> is the fully qualified host name of the
           current host. For short names, use flag <c><![CDATA[-sname]]></c>
           instead.</p>
+        <warning>
+          <p>
+            Starting a distributed node without also specifying
+            <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+            will expose the node to attacks that may give the attacker
+            complete access to the node and in extension the cluster.
+            When using un-secure distributed nodes, make sure that the
+            network is configured to keep potential attackers out.
+          </p>
+        </warning>
       </item>
       <tag><c><![CDATA[-noinput]]></c></tag>
       <item>
@@ -428,12 +438,17 @@
       </item>
       <tag><c><![CDATA[-proto_dist Proto]]></c></tag>
       <item>
+        <marker id="proto_dist"/>
         <p>Specifies a protocol for Erlang distribution:</p>
         <taglist>
           <tag><c>inet_tcp</c></tag>
           <item>TCP over IPv4 (the default)</item>
           <tag><c>inet_tls</c></tag>
-          <item>Distribution over TLS/SSL</item>
+          <item>Distribution over TLS/SSL, See the
+            <seealso marker="ssl:ssl_distribution">
+              Using SSL for Erlang Distribution</seealso> User's Guide
+              for details on how to setup a secure distributed node.
+          </item>
           <tag><c>inet6_tcp</c></tag>
           <item>TCP over IPv6</item>
         </taglist>
@@ -497,6 +512,16 @@
           exist between nodes running with flag <c><![CDATA[-sname]]></c>
           and those running with flag <c><![CDATA[-name]]></c>, as node
           names must be unique in distributed Erlang systems.</p>
+        <warning>
+          <p>
+            Starting a distributed node without also specifying
+            <seealso marker="#proto_dist"><c>-proto_dist inet_tls</c></seealso>
+            will expose the node to attacks that may give the attacker
+            complete access to the node and in extension the cluster.
+            When using un-secure distributed nodes, make sure that the
+            network is configured to keep potential attackers out.
+          </p>
+        </warning>
       </item>
       <tag><marker id="start_epmd"/><c>-start_epmd true | false</c></tag>
       <item>
diff --git a/erts/doc/src/erl_dist_protocol.xml b/erts/doc/src/erl_dist_protocol.xml
index ee74983730..8391408a2e 100644
--- a/erts/doc/src/erl_dist_protocol.xml
+++ b/erts/doc/src/erl_dist_protocol.xml
@@ -70,6 +70,17 @@
 
   <p>The integers in all multibyte fields are in big-endian order.</p>
 
+  <warning>
+    <p>
+      The Erlang Distribution protocol is not by itself secure and does not
+      aim to be so. In order to get secure distribution the distributed nodes
+      should be configured to use distribution over tls.
+      See the <seealso marker="ssl:ssl_distribution">
+      Using SSL for Erlang Distribution</seealso> User's Guide
+      for details on how to setup a secure distributed node.
+    </p>
+  </warning>
+
   <section>
     <title>EPMD Protocol</title>
     <p>The requests served by the EPMD are summarized in the following
-- 
cgit v1.2.3