Svante Signell <svante.sign...@gmail.com> writes:
> On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote:

>> If that means you need to run your gnome session as root in order to get
>> mlocked secrets, maybe the tests failing is a good thing, and somebody
>> should fix Hurd instead.

> What about setuid root?

While there are differing opinions about this, I think the most common
feeling is that the additional security gained via mlock/mprotect is not
worth the increased attack surface created by making binaries setuid root.
But it's a hard choice, since the attacks mlock/mprotect defend against
are different than the typical attacks against setuid binaries.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: https://lists.debian.org/87k3456x46....@hope.eyrie.org