I've been meaning to ask: Why does the Hurd attempt to re-authenticate open file descriptors during exec? It seems to eliminate a rather convenient method of delegation: a process opening a descriptor, forking and executing a child, and dropping privileges, while retaining access to that one resource. I realise you can still do this by manipulating ports directly (this only applies specifically to the contents of the descriptor table). Is it required for POSIX compliance somehow, or was there some other interesting use case?