
Bug#1113774: Disabling -fcf-protection in sudo for bookworm



Hello,

I'd like to ask about a point in this CTTE advice for Marc:

On Sun, 23 Nov 2025 23:03:49 +0100, Christoph wrote:
> On Thu, 20 Nov 2025 10:09:25 +0100, Helmut wrote:
> > A minor aspect missing in the
> > summary is that -fcf-protection is actually controlling two distinct
> > features with one flag, one of which poses the problem we've been
> > discussing. The other feature likewise does not apply to i386.
> > Therefore, this addition does not affect the conclusion.
>
> Thanks, I should have mentioned that in the summary. I left it out
> from the ballot because only half-disabling the feature would likely
> not make the clean, "obviously correct" patch that Marc wanted.

My reading of the thread is that fcf-protection=return can be
security-effective on 32-bit x86 processors, has no effect on binary
size, and does not introduce the compatibility issues that
fcf-protection=branch does.

I think this is what Helmut was pointing out -- the two halves of the
flag's behaviour.

My uncertainty/concern is why the CTTE decision seems to be to remove
the flag entirely, because I worry that that would reduce security,
something that I understand Marc wants to avoid.

So to reformulate that as a question: why is the advice to remove the
flag completely, instead of reducing it to fcf-protection=return?

Thanks,
James

