Re: Tests running as (real) root?
Svante Signell <firstname.lastname@example.org> writes:
> On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote:
>> If that means you need to run your gnome session as root in order to get
>> mlocked secrets, maybe the tests failing is a good thing, and somebody
>> should fix Hurd instead.
> What about setuid root?
While there are differing opinions about this, I think the most common
feeling is that the additional security gained via mlock/mprotect is not
worth the increased attack surface created by making binaries setuid root.
But it's a hard choice, since the attacks mlock/mprotect defend against
are different than the typical attacks against setuid binaries.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>