From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Haertel
Message-Id: <200105262323.f4QNNF904664@ducky.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Plan 9 (in)security
In-Reply-To:
Date: Sat, 26 May 2001 16:23:15 -0700
Topicbox-Message-UUID: a91f65dc-eac9-11e9-9e20-41e7f4b1d025

>OK, it's not a security hole - you'd need to have access to /dev/draw on
>CPU server [...]

I agree that there are local security holes and they're bad, however
network security holes are lots worse. I just wanted to bring attention
to the fact that many if not all of the networkable 9p servers seem to
be horrendously insecure, and since some of them will allow anonymous
attach, any Plan 9 server with exported filesystems is vulnerable to a
sufficiently clever attacker.

I constantly see people portscanning my systems, script kiddies running
well-known Linux attacks and who knows what else (it helps to run a
less-popular OS :-). And I am not even an interesting target (low
bandwidth link, no web site, nothing interesting on my systems, etc).
I shudder to imagine the number and variety of attacks the "interesting"
sites must get. It's a jungle out there.