From owner-freebsd-fs@freebsd.org  Tue Nov 24 16:27:37 2015
Return-Path: <owner-freebsd-fs@freebsd.org>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E1C3A3731E
 for <freebsd-fs@mailman.ysv.freebsd.org>; Tue, 24 Nov 2015 16:27:37 +0000 (UTC)
 (envelope-from case@SDF.ORG)
Received: from sdf.lonestar.org (mx.sdf.org [192.94.73.23])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx.sdf.org", Issuer "SDF.ORG" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5B3751936
 for <freebsd-fs@freebsd.org>; Tue, 24 Nov 2015 16:27:36 +0000 (UTC)
 (envelope-from case@SDF.ORG)
Received: from otaku.freeshell.org (IDENT:case@otaku.freeshell.org
 [192.94.73.9])
 by sdf.lonestar.org (8.15.2/8.14.5) with ESMTPS id tAOGQqv2015059
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256 bits) verified NO)
 for <freebsd-fs@freebsd.org>; Tue, 24 Nov 2015 16:27:23 GMT
Date: Tue, 24 Nov 2015 16:26:51 +0000 (UTC)
From: John Case <case@SDF.ORG>
X-X-Sender: case@faeroes.freeshell.org
To: freebsd-fs@freebsd.org
Subject: so ... what *are* we doing about byzantine ZFS send/recv streams ?
Message-ID: <Pine.NEB.4.64.1511241620510.18893@faeroes.freeshell.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs/>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2015 16:27:37 -0000


I was reading a thread on HN about ZFS[1] when someone from rsync.net 
commented that they support ZFS send/recv to their cloud platform.[2]

Someone else responded in that thread asking how they dealt with 
"byzantine streams", by which they meant a ZFS stream that has been 
corrupted on purpose so as to panic the receiver (or worse).

The rsync.net guy said they gave everyone their own zpool inside their own 
bhyve so there isn't a big concern there - at worst "it might be a DOS 
attack".


So my questions:


1. What, if anything, does FreeBSD 10.x do about "byzantine streams" and 
is there any mitigation of this ?

2. If I allow someone to ZFS send a arbitrary snapshot to me, does locking 
them in a VM like the guy suggests a good solution ?  Or is there still a 
security/corruption threat there ?


Thank you.


[1] https://news.ycombinator.com/item?id=10568705
[2] http://www.rsync.net/products/zfsintro.html