Hello, I'd like to ask about a point in this CTTE advice for Marc:

On Sun, 23 Nov 2025 23:03:49 +0100, Christoph wrote:
> On Thu, 20 Nov 2025 10:09:25 +0100, Helmut wrote:
> > A minor aspect missing in the summary is that -fcf-protection is
> > actually controlling two distinct features with one flag, one of which
> > poses the problem we've been discussing. The other feature likewise
> > does not apply to i386. Therefore, this addition does not affect the
> > conclusion.
>
> Thanks, I should have mentioned that in the summary. I left it out
> from the ballot because only half-disabling the feature would likely
> not make the clean, "obviously correct" patch that Marc wanted.

My reading of the thread is that fcf-protection=return can be security-effective on 32-bit x86 processors, has no effect on binary size, and does not introduce the compatibility issues that fcf-protection=branch does. I think this is what Helmut was pointing out -- the two halves of the flag's behaviour.

My uncertainty/concern is why the CTTE decision seems to be to remove the flag entirely, because I worry that that would reduce security, something that I understand Marc wants to avoid.

So to reformulate that as a question: why is the advice to remove the flag completely, instead of reducing it to fcf-protection=return?

Thanks,
James
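An added example, not part of this thread, showing how to check which of the two halves of -fcf-protection an object was actually built with: GCC records the choice in the GNU_PROPERTY_X86_FEATURE_1_AND property of .note.gnu.property, with the IBT bit for =branch and the SHSTK bit for =return (both for =full). The note bytes below are constructed inline for testing; on a real i386 object you would feed the parser the raw section, e.g. extracted with `objcopy -O binary --only-section=.note.gnu.property`.

```python
import struct

# Constants from the x86 psABI GNU property note (real values).
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT = 1 << 0    # recorded by -fcf-protection=branch (and =full)
FEATURE_1_SHSTK = 1 << 1  # recorded by -fcf-protection=return (and =full)


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def x86_feature_1_bits(note, align=4):
    """Extract the GNU_PROPERTY_X86_FEATURE_1_AND bitmask from the raw bytes of
    a .note.gnu.property section; 0 if no such property is present.
    align is 4 for ELFCLASS32 (i386 objects) and 8 for ELFCLASS64."""
    off = 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        off += 12
        name = note[off:off + namesz]
        off += _align(namesz, 4)
        desc = note[off:off + descsz]
        off += _align(descsz, align)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue  # some other note type; skip it
        p = 0
        while p + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            p += 8
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                return struct.unpack_from("<I", desc, p)[0]
            p += _align(pr_datasz, align)  # property data is padded to align
    return 0


def cf_protection_mode(note, align=4):
    """Map the recorded bits back to the -fcf-protection setting."""
    bits = x86_feature_1_bits(note, align)
    ibt = bool(bits & FEATURE_1_IBT)
    shstk = bool(bits & FEATURE_1_SHSTK)
    return {(True, True): "full", (True, False): "branch",
            (False, True): "return", (False, False): "none"}[(ibt, shstk)]


def build_note(bits, align=4):
    """Construct a minimal .note.gnu.property carrying only the FEATURE_1_AND
    property (constructed sample input, not taken from a real object)."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    prop += b"\0" * (_align(len(prop), align) - len(prop))
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop
```

`readelf -n` prints the same property in human-readable form; the parser is useful when you want to check many objects in a build tree mechanically.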

