On Sun, 2014-10-12 at 10:01 -0700, Russ Allbery wrote: > Svante Signell <svante.sign...@gmail.com> writes: > > On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote: > > >> If that means you need to run your gnome session as root in order to get > >> mlocked secrets, maybe the tests failing is a good thing, and somebody > >> should fix Hurd instead. > > > What about setuid root? > > While there are differing opinions about this, I think the most common > feeling is that the additional security gained via mlock/mprotect is not > worth the increased attack surface created by making binaries setuid root. > But it's a hard choice, since the attacks mlock/mprotect defend against > are different than the typical attacks against setuid binaries.
setuid has worked for ages. For example how many X servers have been compromised the last 30 years? Maybe there is a trend to replace by something else because it is not fashionable (new) enough. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1413149392.2897.6.ca...@gmail.com
