Opened at 2011-09-14T17:10:06Z
Last modified at 2014-01-21T20:43:30Z
#1535 new enhancement
Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets
Reported by: | LoneTech | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | eventually |
Component: | code-frontend-cli | Version: | 1.8.2 |
Keywords: | wui cli socket unix security confidentiality integrity capleak | Cc: | |
Launchpad Bug: |
Description (last modified by daira)
It's fairly easy to limit the node interface, by setting something like:

    web.port = unix:/home/$USER/.tahoe/websocket:mode=600

The problem is, web browsers can't connect to it. That much is expected, but neither can the tahoe CLI. It refuses any node.url that does not begin with http or https, and I found no way to make it connect to a UNIX socket.
The downside with a TCP socket is it lets all local users use the filesystem, even if they can't find your files in it without the caps.
Change History (3)
comment:1 Changed at 2011-09-14T22:39:36Z by davidsarah
- Keywords security confidentiality integrity capleak added
- Milestone changed from undecided to soon
- Priority changed from minor to major
- Summary changed from Allow restricting Tahoe-LAFS gateway to one user to Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets
comment:2 Changed at 2014-01-21T20:43:15Z by daira
- Description modified (diff)
- Milestone changed from soon to eventually
comment:3 Changed at 2014-01-21T20:43:30Z by daira
- Priority changed from major to normal