Opened at 2012-05-14T23:56:11Z
Last modified at 2015-04-28T22:36:14Z
#1737 closed defect
remove "Control Port" (and private/control.furl) — at Version 6
Reported by: | warner | Owned by: | daira |
---|---|---|---|
Priority: | normal | Milestone: | 1.10.1 |
Component: | code-frontend | Version: | 1.9.1 |
Keywords: | security control.furl | Cc: | |
Launchpad Bug: |
Description (last modified by daira)
There's a little-used "control port" in the tahoe client, accessible through Foolscap by someone who can read NODEDIR/private/control.furl (which in practice means only the node admin). The original idea was to provide a Foolscap-based frontend with more features (or at least more security) than the HTTP-based frontend. But that never took off, and at this point, there are only two consumers:
- automated performance tests in source:src/allmydata/test/check_speed.py
- automated memory-footprint tests in source:src/allmydata/test/check_memory.py
The methods it provides are:
- wait_for_client_connections()
- upload_from_file_to_uri()
- download_from_uri_to_file()
- speed_test()
- get_memory_usage()
- measure_peer_response_time()
Daira argues that it provides excess authority, specifically due to the fact that the upload/download methods accept local filenames (like remote_upload_from_file_to_uri(), which accepts a local disk filename and uploads it to the grid, returning the filecap, which could be used to upload e.g. ~/.tahoe/private/aliases). This makes it unsafe to share control.furl with anyone who is not supposed to get control of the user account running the node.
Daira would like to remove it. To do that, we'd need to either give up the automated performance and memory-footprint tests, or find a way to rewrite them (which would probably mean adding new authorities into the HTTP-based webapi, at least for get_memory_usage() and measure_peer_response_time()).
We could also address the excess authority by changing the upload/download methods (maybe using empty tempfiles of given sizes, and *not* accepting a filename at all). That would probably let us preserve the automated tests without too many changes.
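The attenuation suggested in the last paragraph of the description, as an added sketch that is not Tahoe-LAFS code and not part of the original ticket: a filename-accepting method beside a size-only one. `FakeGrid`, `FilenameControl`, `SizedControl`, `upload_test_data`, `MAX_SIZE` and the "URI:FAKE:" cap format are hypothetical names, and the aliases file is constructed sample data.

```python
import hashlib
import os
import tempfile

class FakeGrid:
    """Stand-in for the storage grid: keeps uploaded bytes keyed by a made-up cap."""
    def __init__(self):
        self.stored = {}

    def upload(self, fileobj):
        data = fileobj.read()
        cap = "URI:FAKE:" + hashlib.sha256(data).hexdigest()[:16]
        self.stored[cap] = data
        return cap

class FilenameControl:
    """Shape described in the ticket: the caller names any local path."""
    def __init__(self, grid):
        self.grid = grid

    def upload_from_file_to_uri(self, filename):
        with open(filename, "rb") as f:   # opened with the node's own file permissions
            return self.grid.upload(f)

class SizedControl:
    """Attenuated shape: the caller supplies only a size, never a path."""
    MAX_SIZE = 64 * 1024 * 1024  # hypothetical limit so a caller cannot fill the disk

    def __init__(self, grid):
        self.grid = grid

    def upload_test_data(self, size):
        if isinstance(size, bool) or not isinstance(size, int) or not 0 <= size <= self.MAX_SIZE:
            raise ValueError("size must be an int in [0, MAX_SIZE]")
        with tempfile.TemporaryFile() as f:
            f.truncate(size)              # zero-filled file that the node created itself
            f.seek(0)
            return self.grid.upload(f)

def demo():
    """Return (bytes exposed via the filename API, bytes stored via the size-only API)."""
    grid = FakeGrid()
    with tempfile.TemporaryDirectory() as nodedir:
        aliases = os.path.join(nodedir, "aliases")   # constructed stand-in for private/aliases
        with open(aliases, "wb") as f:
            f.write(b"tahoe: URI:DIR2:constructed-secret\n")
        leaked = grid.stored[FilenameControl(grid).upload_from_file_to_uri(aliases)]
    benign = grid.stored[SizedControl(grid).upload_test_data(1024)]
    return leaked, benign
```

With the size-only method, the holder of the control reference can still drive a speed or memory test, but the only bytes that reach the grid are ones the node generated.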
Change History (6)
comment:1 Changed at 2012-12-20T17:11:58Z by warner
- Milestone changed from 1.10.0 to 1.11.0
comment:2 Changed at 2013-12-28T13:40:56Z by daira
- Description modified (diff)
- Milestone changed from soon to 1.11.0
- Owner set to daira
- Status changed from new to assigned
comment:3 Changed at 2013-12-28T13:41:28Z by daira
- Milestone changed from 1.11.0 to 1.12.0
comment:4 Changed at 2015-04-12T22:40:46Z by daira
- Milestone changed from 1.12.0 to 1.11.0
comment:5 Changed at 2015-04-12T22:44:36Z by daira
- Cc davidsarah removed
- Description modified (diff)
- Keywords control.furl added
comment:6 Changed at 2015-04-12T22:46:10Z by daira
- Description modified (diff)