id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1737	"remove ""Control Port"" (and private/control.furl)"	warner	daira	"There's a little-used ""control port"" in the tahoe client, accessible through Foolscap by someone who can read {{{NODEDIR/private/control.furl}}} (which in practice means only the node admin). The original idea was to provide a Foolscap-based frontend with more features (or at least more security) than the HTTP-based frontend. But that never took off, and at this point, there are only two consumers:

* automated performance tests in source:src/allmydata/test/check_speed.py
* automated memory-footprint tests in source:src/allmydata/test/check_memory.py

The methods it provides are:

* {{{wait_for_client_connections()}}}
* {{{upload_from_file_to_uri()}}}
* {{{download_from_uri_to_file()}}}
* {{{speed_test()}}}
* {{{get_memory_usage()}}}
* {{{measure_peer_response_time()}}}

Daira argues that it provides excess authority, specifically because the upload/download methods accept local filenames (like {{{remote_upload_from_file_to_uri()}}}, which accepts a local disk filename and uploads it to the grid, returning the filecap, and which could be used to upload e.g. {{{~/.tahoe/private/aliases}}}). This makes it unsafe to share {{{control.furl}}} with anyone who is not supposed to get control of the user account running the node.

Daira would like to remove it. To do that, we'd need to either give up the automated performance and memory-footprint tests, or find a way to rewrite them (which would probably mean adding new authorities into the HTTP-based webapi, at least for {{{get_memory_usage()}}} and {{{measure_peer_response_time()}}}).

We could also address the excess authority by changing the upload/download methods (maybe using empty tempfiles of given sizes, and *not* accepting a filename at all). That would probably let us preserve the automated tests without too many changes.
"	task	assigned	normal	1.11.0	code-frontend	1.9.1		security control.furl		
