+
Skip to content

Bind to localhost #944

@tsloughter

Description

@tsloughter

Security WG of EEF flagged the issue of EPMD binding to non-localhost interfaces. I think adding their suggestion of:

-env ERL_EPMD_ADDRESS "127.0.0.1"

-kernel inet_dist_use_interface '{127, 0, 0, 1}'

to vm.args template makes sense.

We'll still just rely on the user setting ERL_DIST_PORT to automatically disable boot of epmd and set a static port for distribution.

Only worry is, now that I think more about it, it is sort of a breaking change more than I was thinking. Now people who expect the defaults to work for deploying a cluster will discover they have to make changes.

I was mainly thinking I wanted a) not to remove -sname/-name from the defaults so the remote console continued to work and b) for local dev of a release to not have any issues.

Not sure if we want a relx 5.0 just for this... Or just do it in a minor release.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载