Just want you to know that I respect you all so much.

Thank you for all that you do,
Katie

On 2025-06-22 03:09, Ricardo Branco wrote:
> On 6/22/25 2:35 AM, Philip Guenther wrote:
> 
>> On Sat, Jun 21, 2025 at 4:44 PM Philip Guenther
>> <guenther@gmail.com> wrote:
>> 
>> On Sat, Jun 21, 2025 at 4:04 PM Ricardo Branco <rbranco@suse.de>
>> wrote:
>> 
>> This initial patch adds support for POSIX O_CLOFORK (close-on-fork)
>> flag.
>> 
>> If there's interest, I can update manpages and fill the TODO list in
>> the PR:
>> https://github.com/openbsd/src/pull/46
>> 
>> I uploaded the full test-suite from Illumos adapted to OpenBSD
>> there.
>> 
>> Work also being done to add this flag on:
>> 
>> - FreeBSD: https://github.com/freebsd/freebsd-src/pull/1698
>> - DragonflyBSD: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/28
>> 
>> The discussion for adding this flag was done in the FreeBSD PR.
>> 
>> Nope.  I implemented this myself last summer, but after Damien
>> Miller
>> suggest that OpenSSH would want to clear the flag on inherited fds
>> we
>> decided the specified behavior of O_CLOFORK being inherited across
>> exec is insecure, unnecessary for purpose, and kinda insane.  I
>> opened
>> a ticket with austin group:
>> https://austingroupbugs.net/view.php?id=1851
>> 
>> Geoff Clare was going to reach out to other implementations to get
>> feedback but nothing has happened since.  <shrug>
>> 
>> Maybe we should say that more than 10 months was sufficient for
>> austin-group to address a potential security issue, in which case
>> I'll
>> rebase my diff, but with clearing the flag on exec because WTH were
>> they thinking.
> 
> Rebased diff, with cleared-on-exec behavior, attached, in case you
> want to play with it, Richardo.
> Regress tests would be wonderful :)
> 
> Thanks.  Will have a look at it.
> 
> This flag is already implemented in Solaris / Illumos.
> 
> I adapted the Illumos' testsuite to *BSD in each PR but plan to extend
> the ones we have for CLOEXEC.  But first dig into the ticket.
> 
> Best,
> Ricardo.