On Tue, Aug 20, 2019, at 2:29 PM, Don A. Bailey wrote: > > Fwiw Plan 9’s code vase has indeed been audited. By me. Several exploitable > bugs were found including a kernel exploit due to the env driver. I wrote a > working PoC for it which is somewhere on the internet, but it’s quite old.
My apologies! > Much of the code hasn’t changed, and, I would suspect, is largely secure. Good to know. :) I wonder how many relevant parts have changed in 9front? There are regular kernel changes, some of which were made to handle the heavy shell-script load of running werc sites. (For a short time, the load on cat-v.org was very heavy.) > But you’re talking implementation security versus architectural security. In > the case of IoT, Plan 9 does exceptional things to close the gaps that > embedded systems supply its users, but it is nowhere near complete. I guess I am, and yes, Plan 9 is sadly incomplete in many areas.
