Re: Tests running as (real) root?
On Sun, 2014-10-12 at 10:01 -0700, Russ Allbery wrote:
> Svante Signell <firstname.lastname@example.org> writes:
> > On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote:
> >> If that means you need to run your gnome session as root in order to get
> >> mlocked secrets, maybe the tests failing is a good thing, and somebody
> >> should fix Hurd instead.
> > What about setuid root?
> While there are differing opinions about this, I think the most common
> feeling is that the additional security gained via mlock/mprotect is not
> worth the increased attack surface created by making binaries setuid root.
> But it's a hard choice, since the attacks mlock/mprotect defend against
> are different than the typical attacks against setuid binaries.
setuid has worked for ages. For example how many X servers have been
compromised the last 30 years? Maybe there is a trend to replace by
something else because it is not fashionable (new) enough.