On Tue, Jun 24, 2025 at 07:24:08AM +0200, Ricardo Branco wrote:
> 
> 
> On 6/24/25 6:10 AM, Philip Guenther wrote:
> > On Sat, Jun 21, 2025 at 4:44 PM Philip Guenther <guenther@gmail.com> wrote:
> > ...
> > > Nope.  I implemented this myself last summer, but after Damien Miller
> > > suggest that OpenSSH would want to clear the flag on inherited fds we
> > > decided the specified behavior of O_CLOFORK being inherited across
> > > exec is insecure, unnecessary for purpose, and kinda insane.  I opened
> > > a ticket with austin group:
> > >      https://austingroupbugs.net/view.php?id=1851
> > > 
> > > Geoff Clare was going to reach out to other implementations to get
> > > feedback but nothing has happened since.  <shrug>
> > > 
> > > Maybe we should say that more than 10 months was sufficient for
> > > austin-group to address a potential security issue, in which case I'll
> > > rebase my diff, but with clearing the flag on exec because WTH were
> > > they thinking.
> > Alan Coopersmith has reported in the ticket that while Solaris 11.3
> > implemented the POSIX behavior, they talked internally and Solaris
> > 11.4.78 changed to my proposal, clearing the flag on exec.
> > 
> > 
> > Philip Guenther
> I submitted a PR to OmniOS and asked if the oclo tests could be
> relicensed to BSD. Also asked Oxide Computers separately via email.
> 
> Awaiting response.
> 
> https://github.com/omniosorg/illumos-omnios/pull/1589

If these tests are good and worth running (as they probably are given
the source), we can always place the .c files into a port and have the
regress tests depend on that port.