To summarize my takeaway from the call, the risk of exploit in basically all cases boils down to some trusted account "going rogue" and substituting a malicious image (perhaps after validation by the consumer), with their actions going entirely unnoticed. The currently proposed patch represents a new feature in Glance of the level that would normally require a formal specification and trigger broad discussion around API behavior changes and potential performance regressions. I don't think the risks presented outweigh the need for a public design process around the proposed feature, so I'm recommending we switch this bug to public once the participants here are comfortable with the drafted guidance to operators, and then proceed with the code changes in public review where they can be better scrutinized and more thoroughly tested.