Richard Bucker

Hard to break in -- Erlang on Xen

Posted at — Jun 29, 2013

“Erlang on Xen drastically limits options of a malicious attacker”.
Well, this is from the maybe factory. Actually, the supporting justification is that the instance does not open any ports that the application running in the VM does not open. Also, since it’s Erlang and it’s compiled in their special sandbox, it’s also reasonable to assume that code injection is not likely either, unless it’s a passthrough to a backend DB.

But there are a few problems with their claims. (a) Erlang on Xen does not run on bare metal. The system still requires a host OS, and that host OS is still vulnerable. (b) While any other system might be connected to the web, it is very likely protected by a firewall in all but the basic Rackspace, Peer1, Linode, etc. cloud installations.

So frankly, Erlang on Xen is no more or less secure.