I don't know. This was a very early description of how it would work that I read, a long time ago.

Thinking it through as a thought experiment, the way that I'd do it, a process with no credentials would not be able to open anything for write access and only a limited number of things for execute access, and be limited to a minimal amount of read access. One does not have to follow the POSIX model when one is introducing something so definitely outside of it as a process with no user/group IDs (perfectly fine as far as raw Hurd is concerned).

There was precedent for such ideas. On Novell Netware, MS/PC/DR-DOS clients could access only one server directory, containing the LOGIN program, until they had logged their machine on.