Re: About the login shell

Moritz Schulte <moritz@duesseldorf.ccc.de> wrote:
>   One of the few reasons for the login shell, which come to my mind,
> is: it is nice to demonstrate our feature of having zero auth handles.

(Using the terminology from auth.defs, the login shell actually has an
auth handle, it is just associated with four empty sets of IDs in the
auth server.)

Actually, the reason you mention is not so bad: There are so many
features in the Hurd where almost nobody knows that they even exist, it
is certainly nice to use this chance to show one of them to the people.

It is so obvious that one does not want this on a "secured" system that
one certainly won't forget to change it.  Therefore, if you really want
to improve security, you should maybe look somewhere else.  According to
the BTS (#46709), every program on GNU/Hurd can currently access I/O
ports directly.  Before this is fixed, this system is insecure anyway.

>   For me it is simply hard to understand, why a system should be
> unnecessarily open

Why should it be unnecessarily closed?  I prefer a friendly system that
does not want to tell me "I don't trust you, go away" all the time.  A
system like that would probably also become depressed because it won't
have any friends.


Wolfgang Jährling  <wolfgang@pro-linux.de>  \\  http://stdio.cjb.net/
Debian GNU/Hurd user && Debian GNU/Linux user \\  http://www.gnu.org/
The Hurd Hacking Guide: http://www.gnu.org/software/hurd/hacking-guide/
["Enjoy this bug as long as you can, because when we will fix it, you ]
[ will get the correct, non-functional behaviour" -- Marcus Brinkmann ]

