This repository has been archived by the owner on Jan 13, 2025. It is now read-only.
Harden untrusted genesis file consumption #7919
Comments
As guessed this will happen someday, this became a real issue now: #8427
Also, like this #7167 (comment), we're currently challenged to sanitize a bunch of rocksdb binary files which cannot be trusted at all and can be tampered with in any arbitrary way. I'll suspect rocksdb are prepared to combat off that attack surface. So, we're forced to transition to some DDL emitter for genesis instead of carrying a tiny rocksdb instance or completely outplace it. :)
I'd like to remove (more practically just ignore rocksdb/) in genesis entirely. It's superfluous, genesis.bin is all that matters.
Problem
Like #7167, as HTTP/GET-ed genesis files can not be trusted, its deserialization and handling should be hardened. At least, before genesis hash check is done.
TBD
Proposed Solution
Just redo similar measures as #7167?
TBD