This question is spurred by conversation around this PR: #113, which attempts to use io.CopyN instead of io.Copy when untarring an image. Our use of io.Copy was flagged by muse-dev as being potentially vulnerable to DoS attacks.
In order for the change to io.CopyN to be meaningful, we should check the total number of bytes read as we are reading and throw an error if the number exceeds some threshold.
Some questions:
- Is a DoS attack a realistic concern when running with a daemon? It seems the attacker would be DoS-ing their own machine, unless running in a cloud environment.
- If we decide to do this mitigation, what is a reasonable number to use for "max number of bytes"?
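A sketch of the check described above, added here as an example and not taken from the project or from PR #113: each `io.CopyN` call is given only what is left of a total byte budget, so the limit applies across all entries of the archive rather than per file. The names `copyEntries`, `ErrTooLarge` and `buildTar`, the single `io.Writer` sink and the 1024-byte limit are assumptions made for the illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

// ErrTooLarge is a sentinel name chosen for this example.
var ErrTooLarge = fmt.Errorf("untar: extracted bytes exceed limit")

// copyEntries streams every entry's data to dst, capping the running total at maxBytes.
func copyEntries(r io.Reader, dst io.Writer, maxBytes int64) (int64, error) {
	tr := tar.NewReader(r)
	var total int64
	for {
		if _, err := tr.Next(); err == io.EOF {
			return total, nil
		} else if err != nil {
			return total, err
		}
		// Ask for one byte past the remaining budget: if CopyN delivers it, the
		// archive is over the limit (so at most one excess byte reaches dst).
		remaining := maxBytes - total
		n, err := io.CopyN(dst, tr, remaining+1)
		total += n
		if n > remaining {
			return total, ErrTooLarge
		} else if err != nil && err != io.EOF {
			return total, err
		}
	}
}

// buildTar returns a constructed in-memory archive of zero-filled files.
func buildTar(sizes ...int) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for i, s := range sizes {
		tw.WriteHeader(&tar.Header{Name: fmt.Sprintf("f%d", i), Mode: 0600, Size: int64(s)})
		tw.Write(make([]byte, s))
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(copyEntries(bytes.NewReader(buildTar(600, 600)), io.Discard, 1024))
}
```

Counting bytes as they are copied, rather than trusting the size declared in each tar header, keeps the check independent of what the archive claims about itself.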