Unix Daemons and the Hurd Security Model

ftpd under Unix
Very often exploited
Runs as root during startup
Runs as root during authentication phase
Drops privileges only after authentication

Solution
Avoid running as root
Impossible under Unix

Exploiting the Hurd model
Run with no identity token
Has no access to the system
When the user authenticates himself, raise permission