Verifying integrity of loaded modules

I’m searching for how we can validate that the module that is currently loaded in memory is indeed the same one we originally packaged with a release.

Given that once you have iex access on to a node you can change the underlying modules that are running in real time (which is a feature I appreciate), there may be some function calls that I want bound to a third party module such that if someone changed that third party module by simply

defmodule ThirdPartyModule do

  def foo do
    {:ok, :runtime_replacement_value}
  end

end

The calling function would see the integrity of the original module has been tampered with and would crash rather than call the new module function.

I’m assuming there is prior art already. That is what I am looking for.

Thanks!

You can get the md5 hash of your module with this

ThirdPartyModule.__info__(:md5)

I guess you could store this in an ETS table, and compare with the current hash of the module when you make the function call.

2 Likes