#1535 new enhancement

Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets — at Version 2

Reported by: LoneTech
Owned by:
Priority: normal
Milestone: eventually
Component: code-frontend-cli
Version: 1.8.2
Keywords: wui cli socket unix security confidentiality integrity capleak
Cc:
Launchpad Bug:

Description (last modified by daira)

It's fairly easy to limit the node interface by setting something like:

    web.port = unix:/home/$USER/.tahoe/websocket:mode=600

The problem is, web browsers can't connect to it. That much is expected, but neither can the tahoe CLI. It refuses any node.url that does not begin with http or https, and I found no way to make it connect to a UNIX socket.

The downside with a TCP socket is it lets all local users use the filesystem, even if they can't find your files in it without the caps.
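An added example, not part of the ticket or of Tahoe-LAFS: a minimal Python client that speaks HTTP over a Unix socket like the one configured above, and refuses to connect unless the socket is owned by the caller with no group/other permission bits. `check_private_socket`, `UnixHTTPConnection`, `http_get` and `demo_listener` are hypothetical names, and the listener is a constructed stand-in for a gateway.

```python
import contextlib, http.client, os, socket, stat, tempfile, threading

def check_private_socket(path):
    """Refuse a socket that other local users could open or that we do not own."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise PermissionError(f"{path}: not a Unix socket")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"{path}: group/other permission bits set")

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP/1.1 client that connects to an AF_UNIX path instead of host:port."""
    def __init__(self, path, timeout=5):
        super().__init__("localhost", timeout=timeout)  # only used for the Host header
        self.unix_path = path

    def connect(self):
        check_private_socket(self.unix_path)
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.unix_path)

def http_get(path, url="/"):
    """GET `url` through the Unix socket at `path`; returns (status, body)."""
    with contextlib.closing(UnixHTTPConnection(path)) as conn:
        conn.request("GET", url)
        resp = conn.getresponse()
        return resp.status, resp.read()

def demo_listener(path, mode=0o600):
    """Constructed stand-in for a gateway: answers one request, then exits."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)  # keep the socket in a 0700 directory to cover the bind-to-chmod window
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(65536)
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()

if __name__ == "__main__":
    sock_path = os.path.join(tempfile.mkdtemp(), "websocket")  # mkdtemp() dirs are 0700
    demo_listener(sock_path)
    print(http_get(sock_path))
```

On Linux, connecting requires write permission on the socket file; some BSD-derived systems ignore permissions on Unix sockets, so there the mode of the containing directory is what restricts access.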

Change History (2)

comment:1 Changed at 2011-09-14T22:39:36Z by davidsarah

  • Keywords security confidentiality integrity capleak added
  • Milestone changed from undecided to soon
  • Priority changed from minor to major
  • Summary changed from Allow restricting Tahoe-LAFS gateway to one user to Allow restricting Tahoe-LAFS gateway to one user by supporting Unix sockets

comment:2 Changed at 2014-01-21T20:43:15Z by daira

  • Description modified (diff)
  • Milestone changed from soon to eventually