HTTP download with no integrity check: iozone_run.sh downloads iozone source over plain HTTP as root. Since Zathras runs this on cloud VMs (AWS, GCP, Azure) with SSH keys and cloud credentials in the environment, a network-level attacker could tamper with the download.
Fix: Switch to HTTPS or add SHA256 checksum verification after download.
--tools_git override ineffective: The script downloads test_tools before parsing args, so --tools_git never takes effect.
Fix: Parse --tools_git in the early preflight section before the download.
Found during doc review in #62.
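One way to implement both fixes described above, as an added example that is not code from iozone_run.sh or the Zathras project. The function names, the pinned-digest argument and the handling of both `--tools_git VALUE` and `--tools_git=VALUE` are assumptions; it expects `sha256sum` and `curl` to be installed.

```shell
# Added example: function names are hypothetical, not taken from iozone_run.sh.

# Preflight: scan the arguments for --tools_git before anything is fetched.
# Prints the override if present, otherwise the default passed as $1.
preflight_tools_git() {
    local result="$1"; shift
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --tools_git=*) result="${1#--tools_git=}" ;;
            --tools_git)
                # Value is the next argument; a dangling flag is ignored.
                if [ "$#" -ge 2 ]; then result="$2"; shift; fi ;;
        esac
        shift
    done
    printf '%s\n' "$result"
}

# Return 0 only if the SHA256 of file $1 equals the pinned digest $2.
verify_sha256() {
    local file="$1" expected actual
    [ -f "$file" ] || return 2
    # Normalise the pinned digest to lowercase, as sha256sum prints it.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum < "$file" | cut -d' ' -f1) || return 2
    [ "$actual" = "$expected" ]
}

# Fetch over HTTPS only, verify, and delete the file on mismatch so that
# a later step running as root cannot unpack or build a tampered archive.
fetch_verified() {
    local url="$1" out="$2" expected="$3"
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 1 ;;
    esac
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' -o "$out" "$url" || return 1
    if ! verify_sha256 "$out" "$expected"; then
        echo "SHA256 mismatch for $out" >&2
        rm -f "$out"
        return 1
    fi
}
```

The pinned digest has to live in the repository alongside the script; a checksum fetched from the same server as the archive gives no protection against tampering.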