Hello,

sudo maintainer here.

On Thu, Aug 21, 2025 at 04:48:35PM +0200, Marcos Del Sol Vives wrote:
The corresponding Debian issues are probably #1004893 and #1043281
which were boiled down to a GCC issue, #1005863 and
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104713


---- BEGIN my words ----
As the sudo maintainer, I am reluctant to turn off a hardening feature
to support ancient CPUs. I would be reluctant to do that for a normal
package, but ESPECIALLY for a package like sudo which is installed
nearly everywhere and contains an suid root binary.
---- END my words ----

> Would it be acceptable to, rather than disable it entirely as previously
> proposed, enable CET only when compiling for IA64 (amd64), but not for any
> other architecture?

As mentioned above, the answer is no. I am not willing to turn off a hardening feature for the entire architecture to support ancient CPUs.

The Technical Committee might give advice to do it anyway.

> Hardware that supports it for sure would still be protected that way

No, there is i386 hardware that can run current sudo just fine. As far as I know, only a certain CPU family that has some market share in the thin client market is affected by this.

Current sudo is perfectly usable on most i386 CPUs.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
