Hi, Reading the report, this feature was announced in the Trixie release notes.
https://www.debian.org/releases/stable/release-notes/whats-new.html#hardening-against-rop-and-cop-jop-attacks-on-amd64-and-arm64 You may want to consider a backport to Trixie. I was checking that enable-cet could cause plugins or libraries loaded with dlopen to fail, while enable-cet=permissive deactivates CET while dlopen gets executed. As per other distros, checking provided Fedora link and SUSE, both seem to set enable-cet in their strict version (probably after they have rebuilt the archive with permissive option). https://build.opensuse.org/projects/openSUSE:Factory/packages/glibc/files/glibc.spec?expand=1 Héctor Orón -.. . -... .. .- -. -.. . ...- . .-.. --- .--. . .-.
