| … | |
… | |
| 473 | including remotely-triggered execution of code. |
473 | including remotely-triggered execution of code. |
| 474 | |
474 | |
| 475 | Sometimes a more secure mode is desired - this can be achieved by setting |
475 | Sometimes a more secure mode is desired - this can be achieved by setting |
| 476 | the secure option to a true value. |
476 | the secure option to a true value. |
| 477 | |
477 | |
| 478 | When secure mode is enabled, then remote nodes cannot execute code |
478 | When secure mode is enabled, then the node will not execute code locally, |
| 479 | locally, at least not via the normal node protocol. All other messages are |
479 | at least not via the normal node protocol. All other messages are still |
| 480 | still allowed. This means remote nodes can monitor, kill or local ports |
480 | allowed. This means remote nodes can monitor, kill or local ports (port |
| 481 | (port names can be easily guessed). |
481 | names can be easily guessed). Specifically, note that the very common |
|
|
482 | "send me a list that I prepend to my reply message" idiom can easily |
|
|
483 | be used to subvert this security mechanism by asking a trusted node to |
|
|
484 | "reply" to some other message. |
| 482 | |
485 | |
| 483 | At the moment, this affects C<snd_on>, C<eval_on> and C<spawn> |
486 | At the moment, this setting affects C<snd_on>, C<eval_on> and C<spawn> |
| 484 | functionality. |
487 | functionality. |
| 485 | |
488 | |
| 486 | The C<configure> function additionally allows you to specify a callback |
489 | The C<configure> function additionally allows you to specify a callback |
| 487 | that can grant or suppress such requests on a per-node basis. |
490 | that can grant or suppress such requests on a per-node basis. |
| 488 | |
491 | |
| … | |
… | |
| 629 | |
632 | |
| 630 | our $cfg = AnyEvent::MP::Config::config; |
633 | our $cfg = AnyEvent::MP::Config::config; |
| 631 | our $profile = $cfg; |
634 | our $profile = $cfg; |
| 632 | |
635 | |
| 633 | sub trace { |
636 | sub trace { |
| 634 | my ($node) = @_; |
637 | my ($seed) = @_; |
| 635 | my $cv = AE::cv; |
638 | my $cv = AE::cv; |
| 636 | my %seen; |
639 | my %seen; |
| 637 | |
640 | |
| 638 | my $to = AE::timer 15, 0, sub { exit 1 }; |
641 | my $to; |
| 639 | |
642 | |
| 640 | init; |
643 | init; |
| 641 | |
644 | |
| 642 | my $reply = port { |
645 | my $reply = port { |
| 643 | my ($node, undef, @neigh) = @_; |
646 | my ($node, undef, @neigh) = @_; |
| 644 | |
647 | |
|
|
648 | $to = AE::timer 15, 0, sub { exit 1 }; |
| 645 | @neigh = grep $_ ne $NODE, @neigh; |
649 | @neigh = grep $_ ne $NODE, @neigh; |
| 646 | |
650 | |
| 647 | print $node, " -> ", (join " ", @neigh), "\n"; |
651 | print $node, " -> ", (join " ", @neigh), "\n"; |
| 648 | |
652 | |
| 649 | for (@neigh) { |
653 | for (@neigh) { |
| … | |
… | |
| 655 | |
659 | |
| 656 | $cv->end; |
660 | $cv->end; |
| 657 | }; |
661 | }; |
| 658 | |
662 | |
| 659 | $cv->begin; |
663 | $cv->begin; |
| 660 | snd $reply, $node => undef, AnyEvent::MP::Kernel::up_nodes; |
664 | snd $reply, seed => undef, $seed; |
| 661 | |
665 | |
| 662 | $cv->recv; |
666 | $cv->recv; |
| 663 | } |
667 | } |
| 664 | |
668 | |
| 665 | sub shell { |
669 | sub shell { |
| … | |
… | |
| 678 | |
682 | |
| 679 | EOF |
683 | EOF |
| 680 | my $pkg = "AnyEvent::MP::Kernel"; |
684 | my $pkg = "AnyEvent::MP::Kernel"; |
| 681 | my $cv = AE::cv; |
685 | my $cv = AE::cv; |
| 682 | my $echo = port { |
686 | my $echo = port { |
| 683 | print "\n ECHO<$AnyEvent::MP::Kernel::SRCNODE->{id}> ", JSON::XS::encode_json \@_, "\n$node $pkg> "; |
687 | print "\n ECHO<$AnyEvent::MP::Kernel::SRCNODE> ", JSON::XS::encode_json \@_, "\n$node $pkg> "; |
| 684 | }; |
688 | }; |
| 685 | print "$node $pkg> "; |
689 | print "$node $pkg> "; |
| 686 | my $t = AE::io *STDIN, 0, sub { |
690 | my $t = AE::io *STDIN, 0, sub { |
| 687 | chomp (my $line = <STDIN>); |
691 | chomp (my $line = <STDIN>); |
| 688 | |
692 | |
