From owner-freebsd-fs@freebsd.org Tue Nov 24 16:27:37 2015
Return-Path: <case@SDF.ORG>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E1C3A3731E; Tue, 24 Nov 2015 16:27:37 +0000 (UTC) (envelope-from case@SDF.ORG)
Received: from sdf.lonestar.org (mx.sdf.org [192.94.73.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.sdf.org", Issuer "SDF.ORG" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5B3751936; Tue, 24 Nov 2015 16:27:36 +0000 (UTC) (envelope-from case@SDF.ORG)
Received: from otaku.freeshell.org (IDENT:case@otaku.freeshell.org [192.94.73.9]) by sdf.lonestar.org (8.15.2/8.14.5) with ESMTPS id tAOGQqv2015059 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256 bits) verified NO); Tue, 24 Nov 2015 16:27:23 GMT
Date: Tue, 24 Nov 2015 16:26:51 +0000 (UTC)
From: John Case
X-X-Sender: case@faeroes.freeshell.org
To: freebsd-fs@freebsd.org
Subject: so ... what *are* we doing about byzantine ZFS send/recv streams ?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Filesystems
X-List-Received-Date: Tue, 24 Nov 2015 16:27:37 -0000

I was reading a thread on HN about ZFS[1] when someone from rsync.net commented that they support ZFS send/recv to their cloud platform.[2]

Someone else responded in that thread asking how they dealt with "byzantine streams", by which they meant a ZFS stream that has been corrupted on purpose so as to panic the receiver (or worse).

The rsync.net guy said they gave everyone their own zpool inside their own bhyve so there isn't a big concern there - at worst "it might be a DOS attack".

So my questions:

1. What, if anything, does FreeBSD 10.x do about "byzantine streams", and is there any mitigation of this?

2. If I allow someone to ZFS send an arbitrary snapshot to me, is locking them in a VM like the guy suggests a good solution? Or is there still a security/corruption threat there?

Thank you.

[1] https://news.ycombinator.com/item?id=10568705
[2] http://www.rsync.net/products/zfsintro.html
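One defensive step a receiver can take before handing an untrusted stream to zfs recv is to parse and sanity-check the leading DRR_BEGIN record (magic, header type, object-set type, clone/origin consistency, target name) and drop anything malformed. The following is an added example, not code from this thread or from FreeBSD; the field offsets follow the dmu_replay_record layout in sys/zfs_ioctl.h as I read it for the FreeBSD 10 era (an assumption), and the sample record is constructed rather than captured.

```python
import struct

# Layout assumed from sys/zfs_ioctl.h: dmu_replay_record_t is 312 bytes, drr_begin starts at offset 8
DMU_BACKUP_MAGIC, DRR_BEGIN, RECORD_LEN, MAXNAMELEN = 0x2F5BACBAC, 0, 312, 256
DRR_FLAG_CLONE, DMU_OST_ZFS, DMU_OST_ZVOL = 1, 2, 3

class BadStream(ValueError):
    """Anything that should be dropped before it reaches zfs recv."""

def parse_begin(record):
    """Decode and sanity-check the DRR_BEGIN record that opens a send stream."""
    if len(record) < RECORD_LEN:
        raise BadStream("truncated header (%d bytes)" % len(record))
    for end in ("<", ">"):  # sender writes native byte order; the magic tells us which
        drr_type, payloadlen, magic = struct.unpack_from(end + "IIQ", record, 0)
        if magic == DMU_BACKUP_MAGIC:
            break
    else:
        raise BadStream("bad magic, not a ZFS send stream")
    if drr_type != DRR_BEGIN:
        raise BadStream("first record type %d is not DRR_BEGIN" % drr_type)
    vinfo, ctime, ostype, flags, toguid, fromguid = struct.unpack_from(
        end + "QQIIQQ", record, 16)
    hdrtype = vinfo & 0x3           # 1 = DMU_SUBSTREAM, 2 = DMU_COMPOUNDSTREAM (zfs send -R)
    if hdrtype not in (1, 2):
        raise BadStream("unknown stream header type %d" % hdrtype)
    if ostype not in (DMU_OST_ZFS, DMU_OST_ZVOL):
        raise BadStream("objset type %d is not a filesystem or volume" % ostype)
    if flags & DRR_FLAG_CLONE and fromguid == 0:
        raise BadStream("clone flag set but drr_fromguid is zero")
    name = record[56:56 + MAXNAMELEN]   # drr_toname, char[MAXNAMELEN]
    nul = name.find(b"\0")
    if nul <= 0 or any(b < 0x20 or b > 0x7E for b in name[:nul]):
        raise BadStream("drr_toname is not a NUL-terminated printable name")
    return {"endian": end, "hdrtype": hdrtype, "features": vinfo >> 2,
            "toname": name[:nul].decode(), "toguid": toguid,
            "fromguid": fromguid, "incremental": fromguid != 0}

def rejects(record):  # True when the checker refuses the record
    try:
        parse_begin(record)
    except BadStream:
        return True
    return False

def sample_begin(end="<", toname=b"tank/home@snap1", fromguid=0, flags=0, magic=DMU_BACKUP_MAGIC):
    """Constructed DRR_BEGIN record for a full send of a filesystem (not a real capture)."""
    head = struct.pack(end + "IIQQQIIQQ", DRR_BEGIN, 0, magic, 1, 1448382411,
                       DMU_OST_ZFS, flags, 0x1122334455667788, fromguid)
    return head + toname.ljust(MAXNAMELEN, b"\0")
```

A clean header only proves the stream starts sanely; the data records that follow are still parsed by the kernel, so this check complements, rather than replaces, isolating each tenant's receive in its own pool and VM as described above.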