From: Philip Guenther
Subject: Re: [PATCH]: Add POSIX O_CLOFORK flag
To: Ricardo Branco
Cc: tech@openbsd.org
Date: Mon, 23 Jun 2025 21:10:27 -0700

On Sat, Jun 21, 2025 at 4:44 PM Philip Guenther wrote:
...
> Nope. I implemented this myself last summer, but after Damien Miller
> suggested that OpenSSH would want to clear the flag on inherited fds we
> decided the specified behavior of O_CLOFORK being inherited across
> exec is insecure, unnecessary for purpose, and kinda insane. I opened
> a ticket with austin group:
> https://austingroupbugs.net/view.php?id=1851
>
> Geoff Clare was going to reach out to other implementations to get
> feedback but nothing has happened since.
>
> Maybe we should say that more than 10 months was sufficient for
> austin-group to address a potential security issue, in which case I'll
> rebase my diff, but with clearing the flag on exec because WTH were
> they thinking.

Alan Coopersmith has reported in the ticket that while Solaris 11.3
implemented the POSIX behavior, they talked internally and Solaris
11.4.78 changed to my proposal, clearing the flag on exec.

Philip Guenther