jbra...@dismail.de, le jeu. 14 août 2025 22:30:07 -0400, a ecrit: > +Developers could improve the Hurd by adding various security > +extentions: > + > +- The hurd lacks a high quality random number generator that can be > + called inside libc, inside the kernel, inside pthread, etc. A good > + example function is > + [arc4random](https://man.openbsd.org/arc4random.3).
? We do have the random translator, which uses gcrypt for hashing. > +- The Hurd lacks a method to restrict system calls like > + [pledge](https://man.openbsd.org/pledge.2). That can be done by interposing RPCs as one sees fit. > +- The Hurd lacks a way to restrict paths of the VFS like > + [unveil](https://man.openbsd.org/unveil.2). > + > + unveil ("/etc/fstab", "r"); That can be done by interposing the lookup RPC. Samuel
