Ben Summers was shocked we're doing zfs receive from data received from our customers, because he thought that the ZFS receive code was written assuming a trusted source. I had some trouble once with a funny ZFS receive stream that would hang on zfs receive, suggesting it might not be hardened against unsanitised inputs.
Could an evil person sign up and send the dothub/dotscience hub a carefully crafted ZFS stream in a faked push that crashes the kernel at best, and takes the server over at worst?
Ask a ZFS expert!