Opened at 2021-10-15T14:58:45Z
Closed at 2021-10-26T00:57:28Z
#3814 closed defect (fixed)
Remove the node "control" port
| Reported by: | exarkun | Owned by: | GitHub <noreply@…> |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | unknown | Version: | n/a |
| Keywords: | Cc: | ||
| Launchpad Bug: |
Description
A node automatically has a Foolscap-based "control" interface. This exposes the following functionality to localhost:
- wait for a client to connect
- generate a small random file and upload it
- download a file and then delete it
- Run a speed test against storage servers (upload and then download a small file, measuring elapsed time)
- get the amount of memory the node process is using
- measure foolscap "ping" time to connected servers
I think all of this is unnecessary attack surface. Also, much of it is redundant or poorly placed.
Want to measure upload/download time? Great, do it, there are HTTP APIs for that. Want to know memory usage? Great, use a platform API to look it up. Want to wait for a client to connect? *Why*?
Additionally, the code that sets up the Foolscap tub for the control interface uses failure-prone port assignment logic which causes frequent spurious failures on CI, making this code a substantially overweight maintenance burden.
I suggest that no one is using any of this functionality and no one *should* use any of it and we should delete it.
Change History (2)
comment:1 Changed at 2021-10-15T17:21:15Z by exarkun
comment:2 Changed at 2021-10-26T00:57:28Z by GitHub <noreply@…>
- Owner set to GitHub <noreply@…>
- Resolution set to fixed
- Status changed from new to closed
In 84dfb36/trunk:
https://github.com/tahoe-lafs/tahoe-lafs/pull/1141