Re: [9fans] Plan 9 security

["Don A. Bailey" <don.bailey@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 1645 bytes --]

Fwiw Plan 9’s code vase has indeed been audited. By me. Several exploitable bugs were found including a kernel exploit due to the env driver. I wrote a working PoC for it which is somewhere on the internet, but it’s quite old.

Much of the code hasn’t changed, and, I would suspect, is largely secure.

But you’re talking implementation security versus architectural security. In the case of IoT, Plan 9 does exceptional things to close the gaps that embedded systems supply its users, but it is nowhere near complete.

Notably, a trusted root environment needs to be added - which Plan 9 only slightly addresses. 

Best,
D

> On Aug 20, 2019, at 9:13 AM, Cyber Fonic <cyberfonic@gmail.com> wrote:
> 
> I don't think OpenBSD will run on an ESP-32.  That is part of the problem with IoT, the nodes are made on the cheap and thus use the cheapest viable network capable device.
> 
>> On Tue, 20 Aug 2019 at 00:54, Ethan Gardener <eekee57@fastmail.fm> wrote:
>> On Mon, Aug 19, 2019, at 12:53 PM, Cyber Fonic wrote:
>> > 
>> > It has been said : "The 'S' in IoT stands for security". If Plan9 can address that deficiency of the current state of the art for IoT devices, then it would be a worthwhile exercise.
>> 
>> Plan 9 may have a decent security model, but it's never been audited.  Auditing a codebase, even one as small as Plan 9's, is a lot of work.  Are you willing to make a start on it?
>> 
>> If you want something free and already audited, with more security features, (but perhaps not quite the same convenience,) look into OpenBSD.
>> 
>> -- 
>> I love that *Open*BSD is so *security*-focused!
>> 

[-- Attachment #2: Type: text/html, Size: 2425 bytes --]