[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tests running as (real) root?

On Sun, 2014-10-12 at 10:01 -0700, Russ Allbery wrote:
> Svante Signell <svante.signell@gmail.com> writes:
> > On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote:
> >> If that means you need to run your gnome session as root in order to get
> >> mlocked secrets, maybe the tests failing is a good thing, and somebody
> >> should fix Hurd instead.
> > What about setuid root?
> While there are differing opinions about this, I think the most common
> feeling is that the additional security gained via mlock/mprotect is not
> worth the increased attack surface created by making binaries setuid root.
> But it's a hard choice, since the attacks mlock/mprotect defend against
> are different than the typical attacks against setuid binaries.

setuid has worked for ages. For example how many X servers have been
compromised the last 30 years? Maybe there is a trend to replace by
something else because it is not fashionable (new) enough.

Reply to: