> On Jun 9, 2024, at 03:02, Marc Haber <mh+debian-de...@zugschlus.de> wrote:
>
> On Sat, 08 Jun 2024 07:25:49 +0000, Laszlo Merenyi
> <meren...@protonmail.com> wrote:
>> I was able to make the sudo (and visudo) executables work on this CPU, by
>> recompiling the sudo-1.9.15p5 source code package on the target with
>> manually removed "-fcf_protection" hardening option.
>>
>> I have not yet met any other program in Bookworm's i386 release having
>> similar "illegal instruction" issue. So, by using a recompiled sudo,
>> Bookworm seems to work on Vortex86DX3.
>
> I am part of the sudo maintainer team in Debian. Sudo is a security
> relevant software, and in the team we decided that it is more
> important to have a maximally hardened binary than to run on hardware
> that doesn't have official support.
>
> I'd rather not weaken sudo security for all over supporting a tiny
> part of the hardware base. Also, the bug is a toolchain topic in my
> opinion, sudo is just a user of the problematic toolchain features.
>
> I'm open for arguments though. Please also see #1043281 which has most
> of the technical points there.

That argument puts the cart before the horse. Changes to the 'sudo' package
come later... maybe. (If this were a normal e-mail thread, I would change the
subject line to make that clearer.)

The question right now is: Is this processor supported at all?

On the one hand it does not fit the description of currently supported 32-bit
686-class processors. It doesn't support the instruction that Intel backported
into their processors after publishing the specs. (Which was a shady move, but
one thing at a time.)

On the other hand, the reasoning behind the decision to not support some of
these processors was based on these processors being old, rare, off the market,
etc. But this processor is still being sold, complete with motherboards for a
number of applications.

So given that these no longer fit the "old and busted" description, is Debian
going to stick with the decision to not support them? Or is Debian going to
continue to support this processor, since it is still apparently a viable
product, enough that new systems are using it?

Only after that issue is addressed does anyone need to worry about sudo.
Depending on the answer, that is.

--J