… | |
… | |
473 | including remotely-triggered execution of code. |
473 | including remotely-triggered execution of code. |
474 | |
474 | |
475 | Sometimes a more secure mode is desired - this can be achieved by setting |
475 | Sometimes a more secure mode is desired - this can be achieved by setting |
476 | the secure option to a true value. |
476 | the secure option to a true value. |
477 | |
477 | |
478 | When secure mode is enabled, then remote nodes cannot execute code |
478 | When secure mode is enabled, then the node will not execute code locally, |
479 | locally, at least not via the normal node protocol. All other messages are |
479 | at least not via the normal node protocol. All other messages are still |
480 | still allowed. This means remote nodes can monitor, kill or local ports |
480 | allowed. This means remote nodes can monitor, kill or local ports (port |
481 | (port names can be easily guessed). |
481 | names can be easily guessed). Specifically, note that the very common |
|
|
482 | "send me a list that I prepend to my reply message" idiom can easily |
|
|
483 | be used to subvert this security mechanism by asking a trusted node to |
|
|
484 | "reply" to some other message. |
482 | |
485 | |
483 | At the moment, this affects C<snd_on>, C<eval_on> and C<spawn> |
486 | At the moment, this setting affects C<snd_on>, C<eval_on> and C<spawn> |
484 | functionality. |
487 | functionality. |
485 | |
488 | |
486 | The C<configure> function additionally allows you to specify a callback |
489 | The C<configure> function additionally allows you to specify a callback |
487 | that can grant or suppress such requests on a per-node basis. |
490 | that can grant or suppress such requests on a per-node basis. |
488 | |
491 | |
… | |
… | |
629 | |
632 | |
630 | our $cfg = AnyEvent::MP::Config::config; |
633 | our $cfg = AnyEvent::MP::Config::config; |
631 | our $profile = $cfg; |
634 | our $profile = $cfg; |
632 | |
635 | |
633 | sub trace { |
636 | sub trace { |
634 | my ($node) = @_; |
637 | my ($seed) = @_; |
635 | my $cv = AE::cv; |
638 | my $cv = AE::cv; |
636 | my %seen; |
639 | my %seen; |
637 | |
640 | |
638 | my $to = AE::timer 15, 0, sub { exit 1 }; |
641 | my $to; |
639 | |
642 | |
640 | init; |
643 | init; |
641 | |
644 | |
642 | my $reply = port { |
645 | my $reply = port { |
643 | my ($node, undef, @neigh) = @_; |
646 | my ($node, undef, @neigh) = @_; |
644 | |
647 | |
|
|
648 | $to = AE::timer 15, 0, sub { exit 1 }; |
645 | @neigh = grep $_ ne $NODE, @neigh; |
649 | @neigh = grep $_ ne $NODE, @neigh; |
646 | |
650 | |
647 | print $node, " -> ", (join " ", @neigh), "\n"; |
651 | print $node, " -> ", (join " ", @neigh), "\n"; |
648 | |
652 | |
649 | for (@neigh) { |
653 | for (@neigh) { |
… | |
… | |
655 | |
659 | |
656 | $cv->end; |
660 | $cv->end; |
657 | }; |
661 | }; |
658 | |
662 | |
659 | $cv->begin; |
663 | $cv->begin; |
660 | snd $reply, $node => undef, AnyEvent::MP::Kernel::up_nodes; |
664 | snd $reply, seed => undef, $seed; |
661 | |
665 | |
662 | $cv->recv; |
666 | $cv->recv; |
663 | } |
667 | } |
664 | |
668 | |
665 | sub shell { |
669 | sub shell { |
… | |
… | |
678 | |
682 | |
679 | EOF |
683 | EOF |
680 | my $pkg = "AnyEvent::MP::Kernel"; |
684 | my $pkg = "AnyEvent::MP::Kernel"; |
681 | my $cv = AE::cv; |
685 | my $cv = AE::cv; |
682 | my $echo = port { |
686 | my $echo = port { |
683 | print "\n ECHO<$AnyEvent::MP::Kernel::SRCNODE->{id}> ", JSON::XS::encode_json \@_, "\n$node $pkg> "; |
687 | print "\n ECHO<$AnyEvent::MP::Kernel::SRCNODE> ", JSON::XS::encode_json \@_, "\n$node $pkg> "; |
684 | }; |
688 | }; |
685 | print "$node $pkg> "; |
689 | print "$node $pkg> "; |
686 | my $t = AE::io *STDIN, 0, sub { |
690 | my $t = AE::io *STDIN, 0, sub { |
687 | chomp (my $line = <STDIN>); |
691 | chomp (my $line = <STDIN>); |
688 | |
692 | |
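Review bot: In `trace`, the watchdog is now assigned inside the `$reply` callback (new line 648), so it is re-armed on every message and has become an inactivity timeout with no overall bound on `$cv->recv`. Before the first message arrives, `$to` is still undef. That first message is the local `snd $reply, seed => undef, $seed`, so the gap is probably short, but after it a slow or chatty peer can keep the tool running for as long as it keeps sending to `$reply`. If the per-reply reset is intended, I would keep a separate, never-reset deadline next to it and make the exit diagnosable, e.g. `my $deadline = AE::timer 120, 0, sub { warn "trace: overall timeout\n"; exit 1 };` (the 120 is an illustrative value), plus a comment on `my $to;` saying it is reset per reply. Part of the `for (@neigh)` body is elided on this page, so the `$cv->begin`/`$cv->end` pairing could not be checked.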