Re: hurd does NOT need /hurd
* Jeroen Dekkers
[...]
| The Hurd has more security features than Linux has. I have never seen
| a password server for Linux for example.
I am not 100% sure what you mean by password server but from the short
description I have seen of it, kerberos does much of the same thing:
give out an authentication token after being given a password. You
also have stuff like RADIUS and partially NIS. Also, PAM is usually
used for authentication which can use anything as the backend,
including authenticating against stuff like Samba servers.
[...]
| It would have been better if you have a port 80 cabability and could
| give that to apache. Then apache could be running without uids.
Take a look at authbind.
[...]
| > Anyway. The Hurd needs some basic firewalling tools.
|
| If you really insist on those firewalling things we can make a deal,
| if you eliminate all suid binaries for Debian GNU/Linux I make sure
| that the Hurd has firewalling functionality like netfiler. And I'm
| even friendly for you now, I could've asked you to make all daemons
| runs without uids by default. :-)
There is no such concept as without uid, at least in Linux. (And I
wonder how you would do stuff like su without having su SUID root or
having the CAP_CHANGEUID (or whatever it's called) capability.)
Sure, you can get rid of SUID executables -- just switch to
capabilities instead. Except that I don't think the file system
supports saving them atm (so you would get SCAP instead of SUID).
--
Tollef Fog Heen ,''`.
UNIX is user friendly, it's just picky about who its friends are : :' :
`. `'
`-
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: