9fans - fans of the OS Plan 9 from Bell Labs
From: Mike Haertel <mike@ducky.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Plan 9 (in)security
Date: Sat, 26 May 2001 16:23:15 -0700
Message-ID: <200105262323.f4QNNF904664@ducky.net>
In-Reply-To: <Pine.GSO.4.21.0105261759130.1754-100000@weyl.math.psu.edu>

>OK, it's not a security hole - you'd need to have access to /dev/draw on
>CPU server [...]

I agree that there are local security holes and they're bad, however
network security holes are lots worse.

I just wanted to bring attention to the fact that many if not all
of the networkable 9p servers seem to be horrendously insecure,
and since some of them will allow anonymous attach, any Plan 9
server with exported filesystems is vulnerable to a sufficiently
clever attacker.

I constantly see people portscanning my systems, script kiddies
running well-known Linux attacks and who knows what else (it helps
to run a less-popular OS :-).  And I am not even an interesting
target (low bandwidth link, no web site, nothing interesting on my
systems, etc).  I shudder to imagine the number and variety of
attacks the "interesting" sites must get.  It's a jungle out there.

