[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tests running as (real) root?

Svante Signell <svante.signell@gmail.com> writes:
> On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote:

>> If that means you need to run your gnome session as root in order to get
>> mlocked secrets, maybe the tests failing is a good thing, and somebody
>> should fix Hurd instead.

> What about setuid root?

While there are differing opinions about this, I think the most common
feeling is that the additional security gained via mlock/mprotect is not
worth the increased attack surface created by making binaries setuid root.
But it's a hard choice, since the attacks mlock/mprotect defend against
are different than the typical attacks against setuid binaries.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: