Date:      Tue, 24 Nov 2015 16:26:51 +0000 (UTC)
From:      John Case <case@SDF.ORG>
To:        freebsd-fs@freebsd.org
Subject:   so ... what *are* we doing about byzantine ZFS send/recv streams ?
Message-ID:  <Pine.NEB.4.64.1511241620510.18893@faeroes.freeshell.org>


I was reading a thread on HN about ZFS[1] when someone from rsync.net 
commented that they support ZFS send/recv to their cloud platform.[2]

Someone else responded in that thread asking how they dealt with 
"byzantine streams", by which they meant a ZFS stream that has been 
corrupted on purpose so as to panic the receiver (or worse).

The rsync.net guy said they gave everyone their own zpool inside their own 
bhyve so there isn't a big concern there - at worst "it might be a DOS 
attack".


So my questions:


1. What, if anything, does FreeBSD 10.x do about "byzantine streams" and 
is there any mitigation of this?

2. If I allow someone to ZFS send an arbitrary snapshot to me, is locking 
them in a VM like the guy suggests a good solution?  Or is there still a 
security/corruption threat there?


Thank you.


[1] https://news.ycombinator.com/item?id=10568705
[2] http://www.rsync.net/products/zfsintro.html


