
Re: hurd does NOT need /hurd



* Jeroen Dekkers 


[...]

| The Hurd has more security features than Linux has. I have never seen
| a password server for Linux for example.

I am not 100% sure what you mean by password server but from the short
description I have seen of it, Kerberos does much of the same thing:
give out an authentication token after being given a password.  You
also have stuff like RADIUS and partially NIS.  Also, PAM is usually
used for authentication which can use anything as the backend,
including authenticating against stuff like Samba servers.

[...]

| It would have been better if you had a port 80 capability and could
| give that to apache. Then apache could be running without uids. 

Take a look at authbind.

[...]

| > Anyway. The Hurd needs some basic firewalling tools.
| 
| If you really insist on those firewalling things we can make a deal,
| if you eliminate all suid binaries for Debian GNU/Linux I make sure
| that the Hurd has firewalling functionality like netfilter. And I'm
| even friendly for you now, I could've asked you to make all daemons
| run without uids by default. :-)

There is no such concept as without uid, at least in Linux.  (And I
wonder how you would do stuff like su without having su SUID root or
having the CAP_CHANGEUID (or whatever it's called) capability.)

Sure, you can get rid of SUID executables -- just switch to
capabilities instead.  Except that I don't think the file system
supports saving them atm (so you would get SCAP instead of SUID).

-- 
Tollef Fog Heen                                                        ,''`.
UNIX is user friendly, it's just picky about who its friends are      : :' :
                                                                      `. `' 
                                                                        `-  

