On Sun, 2014-10-12 at 23:29 +0200, Svante Signell wrote: > On Sun, 2014-10-12 at 10:01 -0700, Russ Allbery wrote: > > Svante Signell <svante.sign...@gmail.com> writes: > > > On Sun, 2014-10-12 at 16:36 +0200, Julien Cristau wrote: > > > > >> If that means you need to run your gnome session as root in order to get > > >> mlocked secrets, maybe the tests failing is a good thing, and somebody > > >> should fix Hurd instead. > > > > > What about setuid root? > > > > While there are differing opinions about this, I think the most common > > feeling is that the additional security gained via mlock/mprotect is not > > worth the increased attack surface created by making binaries setuid root. > > But it's a hard choice, since the attacks mlock/mprotect defend against > > are different than the typical attacks against setuid binaries. > > setuid has worked for ages. For example how many X servers have been > compromised the last 30 years?
*ahem* CVE-2013-6462 Ben. > Maybe there is a trend to replace by > something else because it is not fashionable (new) enough. -- Ben Hutchings It is easier to change the specification to fit the program than vice versa.
signature.asc
Description: This is a digitally signed message part
