From: "Don A. Bailey" <don.bailey@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Plan 9 security
Date: Tue, 20 Aug 2019 09:28:20 -0400 [thread overview]
Message-ID: <02669859-3065-478A-AC9E-2C921976A745@gmail.com> (raw)
In-Reply-To: <CALj3Nd0nauMxLiUpioOB=7+j_Jt_u0Sn+_WTfBC=fzyHwBogAw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1645 bytes --]
Fwiw Plan 9’s code vase has indeed been audited. By me. Several exploitable bugs were found including a kernel exploit due to the env driver. I wrote a working PoC for it which is somewhere on the internet, but it’s quite old.
Much of the code hasn’t changed, and, I would suspect, is largely secure.
But you’re talking implementation security versus architectural security. In the case of IoT, Plan 9 does exceptional things to close the gaps that embedded systems supply its users, but it is nowhere near complete.
Notably, a trusted root environment needs to be added - which Plan 9 only slightly addresses.
Best,
D
> On Aug 20, 2019, at 9:13 AM, Cyber Fonic <cyberfonic@gmail.com> wrote:
>
> I don't think OpenBSD will run on an ESP-32. That is part of the problem with IoT, the nodes are made on the cheap and thus use the cheapest viable network capable device.
>
>> On Tue, 20 Aug 2019 at 00:54, Ethan Gardener <eekee57@fastmail.fm> wrote:
>> On Mon, Aug 19, 2019, at 12:53 PM, Cyber Fonic wrote:
>> >
>> > It has been said : "The 'S' in IoT stands for security". If Plan9 can address that deficiency of the current state of the art for IoT devices, then it would be a worthwhile exercise.
>>
>> Plan 9 may have a decent security model, but it's never been audited. Auditing a codebase, even one as small as Plan 9's, is a lot of work. Are you willing to make a start on it?
>>
>> If you want something free and already audited, with more security features, (but perhaps not quite the same convenience,) look into OpenBSD.
>>
>> --
>> I love that *Open*BSD is so *security*-focused!
>>
[-- Attachment #2: Type: text/html, Size: 2425 bytes --]
next prev parent reply other threads:[~2019-08-20 13:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-26 6:37 [9fans] Plan 9 C compiler for Xtensa CPUs Cyber Fonic
2019-07-26 10:02 ` Rodrigo G. López
2019-07-26 10:30 ` Charles Forsyth
2019-07-26 12:04 ` Rodrigo G. López
2019-07-26 12:12 ` Cyber Fonic
2019-07-26 15:23 ` Charles Forsyth
2019-07-27 9:16 ` Anthony Martin
2019-07-27 11:10 ` Richard Miller
2019-07-27 16:29 ` Anthony Martin
2019-08-07 0:22 ` Charles Forsyth
2019-08-07 8:07 ` Lucio De Re
2019-08-09 14:17 ` Bakul Shah
2019-08-09 14:50 ` Charles Forsyth
2019-08-09 15:50 ` Charles Forsyth
2019-08-09 21:34 ` Charles Forsyth
2019-08-09 21:48 ` Shane Morris
2019-08-09 22:51 ` Bakul Shah
2019-08-09 22:53 ` Skip Tavakkolian
2019-08-10 9:09 ` Cyber Fonic
2019-08-10 9:15 ` Shane Morris
2019-08-10 16:18 ` Charles Forsyth
2019-08-11 18:59 ` Lyndon Nerenberg
2019-08-18 14:10 ` Charles Forsyth
2019-08-18 14:28 ` Richard Miller
2019-08-19 11:51 ` Cyber Fonic
2019-08-19 14:52 ` [9fans] Plan 9 security Ethan Gardener
2019-08-20 13:13 ` Cyber Fonic
2019-08-20 13:28 ` Don A. Bailey [this message]
2019-08-23 18:45 ` Ethan Gardener
2019-08-23 19:41 ` Don Bailey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02669859-3065-478A-AC9E-2C921976A745@gmail.com \
--to=don.bailey@gmail.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).