perfsonar / bwctl

A scheduling and policy framework for measurement tools
Apache License 2.0

Ability to specify full pathname for BWCTL tool (-T) option #24

Closed klbenninger closed 3 years ago

klbenninger commented 9 years ago

It would be useful for bwctl to accept a full pathname to a test tool in case the test tool isn't installed in the expected directory.

mfeit-internet2 commented 9 years ago

ETA: The configuration file for bwctld has entries for what's to be executed for each tool.

A few hurdles:

The V1 protocol uses a bitmap for tool selection and would require either a variable-length message to hold the tool path or a message with PATH_MAX bytes, a number that can vary between systems. The V2 protocol could do it.

For tests with multiple participants, the tool would have to be in the same place at both ends or an end not finding the tool would have to chop the path off the file and try to use that as the tool name.

This would allow a privilege escalation (or at least a lateral) where the bwctl user could be forced to run any program the user running the client could specify.

arlake228 commented 9 years ago

I actually think this is a really bad idea because of the last line in your statement. The path is currently configurable in the bwctld.conf file, which is where it should be set. We do not want clients being able to execute arbitrary programs on the server.
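
The design both comments above argue for, as an added sketch that is not bwctl's own code: the client sends only a tool identifier and the server resolves it against paths it loaded from its own configuration. The tool IDs, table and paths below are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tool IDs, one bit each, as in a bitmap-based selection. */
#define TOOL_IPERF   0x01u
#define TOOL_NUTTCP  0x02u
#define TOOL_IPERF3  0x04u

/* Constructed stand-in for the paths a daemon read from its own config. */
struct tool_entry { uint32_t id; const char *name; const char *path; };
static const struct tool_entry tool_table[] = {
    { TOOL_IPERF,  "iperf",  "/usr/bin/iperf"  },
    { TOOL_NUTTCP, "nuttcp", "/usr/bin/nuttcp" },
    { TOOL_IPERF3, "iperf3", "/usr/bin/iperf3" },
};
#define NTOOLS (sizeof tool_table / sizeof tool_table[0])

/* Resolve a client-requested tool ID to the server-configured path.
 * Returns NULL unless exactly one known bit is set. */
const char *resolve_tool_id(uint32_t requested)
{
    if (requested == 0 || (requested & (requested - 1)) != 0)
        return NULL;                  /* no bit, or more than one bit */
    for (size_t i = 0; i < NTOOLS; i++)
        if (tool_table[i].id == requested)
            return tool_table[i].path;
    return NULL;                      /* bit not present in the config */
}

/* Resolve a client-supplied tool name. The name is only a lookup key:
 * anything containing '/' is refused, and the string the client sent
 * is never handed to exec; only the configured path is returned. */
const char *resolve_tool_name(const char *name)
{
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return NULL;
    for (size_t i = 0; i < NTOOLS; i++)
        if (strcmp(tool_table[i].name, name) == 0)
            return tool_table[i].path;
    return NULL;                      /* not an allowed tool */
}
```

Either way, the only strings that can reach an exec call are the ones the server administrator configured.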

klbenninger commented 9 years ago

Given the security threat, I understand why my request would be declined.

I was hoping to use bwctl for short-term performance testing with a server (non-perfSONAR) where I have a login but do not have access to install software into /usr/bin or edit files in /etc. My alternative is to script iperf3 testing. If there's some other straightforward way to do this, I'm open to suggestions.

Thanks, Kathy


mfeit-internet2 commented 9 years ago

BWCTL's job is to do all of the coordination you're doing by hand, so the reality is that you'd need to run your own bwctld. That's theoretically possible, but the software isn't put together in a self-contained blob that you could unpack and run.

If I were to try and distill this into the problem you're trying to solve, would this be an accurate statement?

"I'd like to have a way to run ad hoc tests with perfSONAR nodes from a host that doesn't have perfSONAR installed but allows me to install software in my home directory."

klbenninger commented 9 years ago

Yes, that is an accurate statement.
