I probably don't need to go into too much detail about the security implications of suid, but in short, setting the suid bit on an executable introduces attack vectors, since the program will run as root regardless of which user executed it. Increasingly, there are non-suid alternatives for the functionality of common suid binaries (e.g. run0 in place of sudo, Polkit switching to a service-based approach for their agent, etc).
As described by @scaronni here, a non-suid approach was tested recently, but was stopped because it was failing in some cases.
Revisiting and fixing a non-suid approach would be beneficial for the security of NVIDIA users on Linux systems.
I probably don't need to go into too much detail about the security implications of suid, but in short, setting the suid bit on an executable introduces attack vectors, since the program will run as root regardless of which user executed it. Increasingly, there are non-suid alternatives for the functionality of common suid binaries (e.g.
run0in place ofsudo, Polkit switching to a service-based approach for their agent, etc).As described by @scaronni here, a non-suid approach was tested recently, but was stopped because it was failing in some cases.
Revisiting and fixing a non-suid approach would be beneficial for the security of NVIDIA users on Linux systems.