From: Don Bailey <don.bailey@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Plan 9 security
Date: Fri, 23 Aug 2019 13:41:44 -0600
Message-ID: <CAL_X0tAxh5quG1FaKzPGhbQaqo20CtPTOBpXQUGDQiHK8rzAUg@mail.gmail.com>
In-Reply-To: <115a2abc-2231-4492-be26-8e8f7f133559@www.fastmail.com>
On Fri, Aug 23, 2019 at 12:47 PM Ethan Gardener <eekee57@fastmail.fm> wrote:
> On Tue, Aug 20, 2019, at 2:29 PM, Don A. Bailey wrote:
> >
> > Fwiw Plan 9’s code base has indeed been audited. By me. Several
> > exploitable bugs were found including a kernel exploit due to the env
> > driver. I wrote a working PoC for it which is somewhere on the internet,
> > but it’s quite old.
>
> My apologies!
>
No apologies necessary, you didn't know.
>
> > Much of the code hasn’t changed, and, I would suspect, is largely secure.
>
> Good to know. :)
>
> I wonder how many relevant parts have changed in 9front? There are
> regular kernel changes, some of which were made to handle the heavy
> shell-script load of running werc sites. (For a short time, the load on
> cat-v.org was very heavy.)
>
A delta audit would be useful and might be fun. I don't think I have the
time, currently, but I wouldn't mind getting back into it.

> > But you’re talking implementation security versus architectural
> > security. In the case of IoT, Plan 9 does exceptional things to close the
> > gaps that embedded systems supply its users, but it is nowhere near
> > complete.
>
> I guess I am, and yes, Plan 9 is sadly incomplete in many areas.
>
I don't think it's sadly incomplete. Plan 9 is awesome. However, it isn't
really Plan 9's job to address silicon security and hardware trust. Some
integrations could be made into the kernel authentication stack and the
Secure Store et al., but that is a gap easily closed. The hard part is
choosing cost-effective hardware that does the job. The Linux BIOS team
(Ron and Pals) have done a great job of getting closer to The Source, but
that isn't really something an OS should address. That's more of a
firmware/BIOS/CPU thing.