From: Katie Subject: Re: [PATCH]: Add POSIX O_CLOFORK flag To: Philip Guenther , Ricardo Branco Cc: tech@openbsd.org Date: Sun, 22 Jun 2025 05:46:43 -0400 Just want you to know that I respect you all so much. Thank you for all that you do, Katie On 2025-06-22 03:09, Ricardo Branco wrote: > On 6/22/25 2:35 AM, Philip Guenther wrote: > >> On Sat, Jun 21, 2025 at 4:44 PM Philip Guenther >> wrote: >> >> On Sat, Jun 21, 2025 at 4:04 PM Ricardo Branco >> wrote: >> >> This initial patch adds support for POSIX O_CLOFORK (close-on-fork) >> flag. >> >> If there's interest, I can update manpages and fill the TODO list in >> the PR: >> https://github.com/openbsd/src/pull/46 >> >> I uploaded the full test-suite from Illumos adapted to OpenBSD >> there. >> >> Work also being done to add this flag on: >> >> - FreeBSD: https://github.com/freebsd/freebsd-src/pull/1698 >> - DragonflyBSD: https://github.com/DragonFlyBSD/DragonFlyBSD/pull/28 >> >> The discussion for adding this flag was done in the FreeBSD PR. >> >> Nope. I implemented this myself last summer, but after Damien >> Miller >> suggest that OpenSSH would want to clear the flag on inherited fds >> we >> decided the specified behavior of O_CLOFORK being inherited across >> exec is insecure, unnecessary for purpose, and kinda insane. I >> opened >> a ticket with austin group: >> https://austingroupbugs.net/view.php?id=1851 >> >> Geoff Clare was going to reach out to other implementations to get >> feedback but nothing has happened since. >> >> Maybe we should say that more than 10 months was sufficient for >> austin-group to address a potential security issue, in which case >> I'll >> rebase my diff, but with clearing the flag on exec because WTH were >> they thinking. > > Rebased diff, with cleared-on-exec behavior, attached, in case you > want to play with it, Richardo. > Regress tests would be wonderful :) > > Thanks. Will have a look at it. > > This flag is already implemented in Solaris / Illumos. > > I adapted the Illumos' testsuite to *BSD in each PR but plan to extend > the ones we have for CLOEXEC. But first dig into the ticket. > > Best, > Ricardo.