From: Philip Guenther
Subject: Re: [PATCH]: Add POSIX O_CLOFORK flag
To: Ricardo Branco
Cc: tech@openbsd.org
Date: Sat, 21 Jun 2025 16:44:10 -0700

On Sat, Jun 21, 2025 at 4:04 PM Ricardo Branco wrote:
>
> This initial patch adds support for POSIX O_CLOFORK (close-on-fork) flag.
>
> If there's interest, I can update manpages and fill the TODO list in the PR:
> https://github.com/openbsd/src/pull/46
>
> I uploaded the full test-suite from Illumos adapted to OpenBSD there.
>
> Work also being done to add this flag on:
>
> - FreeBSD: https://github.com/freebsd/freebsd-src/pull/1698
> - DragonflyBSD: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/28
>
> The discussion for adding this flag was done in the FreeBSD PR.

Nope. I implemented this myself last summer, but after Damien Miller
suggested that OpenSSH would want to clear the flag on inherited fds we
decided the specified behavior of O_CLOFORK being inherited across exec
is insecure, unnecessary for purpose, and kinda insane. I opened a
ticket with austin group:
https://austingroupbugs.net/view.php?id=1851

Geoff Clare was going to reach out to other implementations to get
feedback but nothing has happened since.

Maybe we should say that more than 10 months was sufficient for
austin-group to address a potential security issue, in which case I'll
rebase my diff, but with clearing the flag on exec because WTH were
they thinking.

Philip Guenther
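
The reply above says a program such as OpenSSH would want to clear the flag on descriptors it inherits. The following C is an added example, not code from this thread, OpenSSH or OpenBSD: it clears one descriptor flag on every inherited fd at startup with fcntl F_GETFD/F_SETFD. It assumes the platform exposes the flag as FD_CLOFORK; the name clear_fd_flag and the 65536 scan bound are hypothetical choices.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef FD_CLOFORK
#define FD_CLOFORK 0   /* assumption: platform has no close-on-fork flag */
#endif

/*
 * Clear `mask` (FD_CLOFORK, FD_CLOEXEC, ...) on every open descriptor in
 * [lowfd, highfd). Returns how many descriptors had it set, or -1 on error.
 */
int clear_fd_flag(int lowfd, int highfd, int mask)
{
    int cleared = 0;

    for (int fd = lowfd; fd < highfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1) {
            if (errno == EBADF)
                continue;          /* slot not open: nothing inherited here */
            return -1;
        }
        if ((flags & mask) == 0)
            continue;              /* flag not set on this descriptor */
        if (fcntl(fd, F_SETFD, flags & ~mask) == -1)
            return -1;
        cleared++;
    }
    return cleared;
}

int main(void)
{
    /* Run this before the program opens any descriptors of its own. */
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0 || maxfd > 65536)
        maxfd = 65536;             /* bound the scan (constructed limit) */

    int n = clear_fd_flag(0, (int)maxfd, FD_CLOFORK);
    if (n == -1) {
        perror("clear_fd_flag");
        return 1;
    }
    printf("cleared FD_CLOFORK on %d inherited descriptor(s)\n", n);
    return 0;
}
```

On a platform without FD_CLOFORK the mask is 0 and the scan changes nothing; the same function can be exercised there with FD_CLOEXEC as the mask.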