Fwiw Plan 9’s code vase has indeed been audited. By me. Several exploitable bugs were found including a kernel exploit due to the env driver. I wrote a working PoC for it which is somewhere on the internet, but it’s quite old.
Much of the code hasn’t changed, and, I would suspect, is largely secure. But you’re talking implementation security versus architectural security. In the case of IoT, Plan 9 does exceptional things to close the gaps that embedded systems supply its users, but it is nowhere near complete. Notably, a trusted root environment needs to be added - which Plan 9 only slightly addresses. Best, D > On Aug 20, 2019, at 9:13 AM, Cyber Fonic <cyberfo...@gmail.com> wrote: > > I don't think OpenBSD will run on an ESP-32. That is part of the problem > with IoT, the nodes are made on the cheap and thus use the cheapest viable > network capable device. > >> On Tue, 20 Aug 2019 at 00:54, Ethan Gardener <eeke...@fastmail.fm> wrote: >> On Mon, Aug 19, 2019, at 12:53 PM, Cyber Fonic wrote: >> > >> > It has been said : "The 'S' in IoT stands for security". If Plan9 can >> > address that deficiency of the current state of the art for IoT devices, >> > then it would be a worthwhile exercise. >> >> Plan 9 may have a decent security model, but it's never been audited. >> Auditing a codebase, even one as small as Plan 9's, is a lot of work. Are >> you willing to make a start on it? >> >> If you want something free and already audited, with more security features, >> (but perhaps not quite the same convenience,) look into OpenBSD. >> >> -- >> I love that *Open*BSD is so *security*-focused! >>
