On Fri, Aug 23, 2019 at 12:47 PM Ethan Gardener <eekee57@fastmail.fm> wrote:
On Tue, Aug 20, 2019, at 2:29 PM, Don A. Bailey wrote:
>
> Fwiw Plan 9’s code base has indeed been audited. By me. Several exploitable bugs were found including a kernel exploit due to the env driver. I wrote a working PoC for it which is somewhere on the internet, but it’s quite old.

My apologies!

No apologies necessary, you didn't know.

> Much of the code hasn’t changed, and, I would suspect, is largely secure.

Good to know. :)

I wonder how many relevant parts have changed in 9front?  There are regular kernel changes, some of which were made to handle the heavy shell-script load of running werc sites.  (For a short time, the load on cat-v.org was very heavy.)


A delta audit would be useful and might be fun. I don't think I have the time, currently, but I wouldn't mind getting back into it.
> But you’re talking implementation security versus architectural security. In the case of IoT, Plan 9 does exceptional things to close the gaps that embedded systems supply its users, but it is nowhere near complete.

I guess I am, and yes, Plan 9 is sadly incomplete in many areas. 

I don't think it's sadly incomplete. Plan 9 is awesome. However, it isn't really Plan 9's job to address silicon security and hardware trust. Some integrations could be made into the kernel authentication stack and the Secure Store et al., but that is a gap easily closed. The hard part is choosing cost-effective hardware that does the job. The Linux BIOS team (Ron and Pals) have done a great job of getting closer to The Source, but that isn't really something an OS should address. That's more of a firmware/BIOS/CPU thing.