storage
storage copied to clipboard
containers
chunked: do not use a temporary file
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: giuseppe
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [giuseppe]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
LGTM and I'd like to get this in before starting the vendor dance. @nalind @mtrmac PTAL
I’m really more worried about the decompression than the chunked conversion. That’s a lot of bit manipulation, potentially in an unsafe language “for performance”, with a fair history of vulnerabilities.
Though now that we're forking a separate process we could isolate those quite aggressively.
Which forking does that refer to?
https://github.com/containers/storage/pull/1964
… and for ordinary image pulls, we currently also stream the input through decompression, only validating the digest concurrently; we don’t validate the digest before starting to decompress. So, in that sense, we are already accepting a larger part of the risk.
Right there's that and also ultimately we still need to be safe against untrusted/malicious zstd:chunked inputs even if the checksum matches.
So I'm going to proactively reopen this PR since I think it makes sense.
If this is merged on or before August 12, 2024, please cherry-pick this to the release-1.55 branch