On 23.08.2025 23:03, Thorsten Glaser wrote:
> On Sat, 23 Aug 2025, Michael Tokarev wrote:
>> No use cases - no matter existing or not, no matter how important they are - warrant a huge security hole to be shipped in debian.
>
> Then don’t ship it by default but provide instructions for how users can re-enable it without needing to compile qemu themselves, maybe?

We don't ship instructions how to `chmod u+s /bin/sh` for a reason. We don't post `rm -rf /` on support channels on IRC for this same reason. This is something which should never be done. C flag for qemu is of exactly the same theme.

If you're experienced enough to actually understand the implications (and no, "how many systems were exploited" does not count here), you can figure out how to change a flag within binfmt registration and how to override package-supplied binfmt.d entry locally.

The last part (overriding it locally) is trivial. It will NOT be shipped in any README file because it is the wrong thing to do, but it is trivial to do.

And I don't really understand why this simple change generated so much heat in you.

Thanks,

/mjt