Fwiw Plan 9’s code vase has indeed been audited. By me. Several exploitable bugs were found including a kernel exploit due to the env driver. I wrote a working PoC for it which is somewhere on the internet, but it’s quite old.
Much of the code hasn’t changed, and, I would suspect, is largely secure.
But you’re talking implementation security versus architectural security. In the case of IoT, Plan 9 does exceptional things to close the gaps that embedded systems supply its users, but it is nowhere near complete.
Notably, a trusted root environment needs to be added - which Plan 9 only slightly addresses.
Best,
D
I don't think OpenBSD will run on an ESP-32. That is part of the problem with IoT, the nodes are made on the cheap and thus use the cheapest viable network capable device.
On Mon, Aug 19, 2019, at 12:53 PM, Cyber Fonic wrote:
>
> It has been said : "The 'S' in IoT stands for security". If Plan9 can address that deficiency of the current state of the art for IoT devices, then it would be a worthwhile exercise.
Plan 9 may have a decent security model, but it's never been audited. Auditing a codebase, even one as small as Plan 9's, is a lot of work. Are you willing to make a start on it?
If you want something free and already audited, with more security features, (but perhaps not quite the same convenience,) look into OpenBSD.
--
I love that *Open*BSD is so *security*-focused!