I am skeptical about the early introduction of “support for identity-based access control” as it seems unlikely that one can recover later (at higher levels) from the insecurities it introduces.
In the critique at the end (section 3), he reveals that each application holds the capability to the ‘user’s’ entire file hierarchy. He concludes that this is unacceptable and compares with Polaris and Plash.
His references at the end are well chosen.
Section 2.2 explains how Hurd plans to restart, as the system lacks persistence. I do not understand this yet.