From mboxrd@z Thu Jan 1 00:00:00 1970 User-Agent: Cyrus-JMAP/3.1.6-916-g49fca03-fmstable-20190821v7 Mime-Version: 1.0 Message-Id: <115a2abc-2231-4492-be26-8e8f7f133559@www.fastmail.com> In-Reply-To: <02669859-3065-478A-AC9E-2C921976A745@gmail.com> References: <40745EA5-3815-4E4F-9FE0-8F83697E74BA@bitblocks.com> <1e801ae2-0d18-4df9-a9a7-ec6480b9b6aa@www.fastmail.com> <02669859-3065-478A-AC9E-2C921976A745@gmail.com> Date: Fri, 23 Aug 2019 19:45:28 +0100 From: "Ethan Gardener" To: 9fans@9fans.net Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [9fans] Plan 9 security Topicbox-Message-UUID: 064d577c-eada-11e9-9d60-3106f5b1d025 On Tue, Aug 20, 2019, at 2:29 PM, Don A. Bailey wrote: >=20 > Fwiw Plan 9=E2=80=99s code vase has indeed been audited. By me. Severa= l exploitable bugs were found including a kernel exploit due to the env = driver. I wrote a working PoC for it which is somewhere on the internet,= but it=E2=80=99s quite old. My apologies! > Much of the code hasn=E2=80=99t changed, and, I would suspect, is larg= ely secure. Good to know. :) I wonder how many relevant parts have changed in 9front? There are regu= lar kernel changes, some of which were made to handle the heavy shell-sc= ript load of running werc sites. (For a short time, the load on cat-v.o= rg was very heavy.) > But you=E2=80=99re talking implementation security versus architectura= l security. In the case of IoT, Plan 9 does exceptional things to close = the gaps that embedded systems supply its users, but it is nowhere near = complete. I guess I am, and yes, Plan 9 is sadly incomplete in many areas. =20