Give more information why we fork & exec, pointed out by kurtm.

2023-02-19 11:17:28 +01:00 · 2023-02-19 11:17:28 +01:00 · f1fbf312bd
parent 76dedab468
commit f1fbf312bd
1 changed files with 7 additions and 4 deletions
--- a/privsep.org
+++ b/privsep.org
@ -427,10 +427,13 @@ flags =-E= and =-F= control if the child process runs as /frontend/ or

 	execvp(argv0, argv);
 #+end_src
-Using fork & exec ensures that the child processes get a different
-memory layout. If there is an information leak in one process it
-cannot be used by an attacker to find gadgets in a different,
-potentially more privileged process.
+We used to only fork child processes, which is good enough for
+privilege separation. [[https://github.com/openbsd/src/commit/13ff36d2c36132325d9cc409c0621ef948f1e2e3][It then occurred to us that the child process
+will have the same memory layout and use the same stack protector
+cookies.]] Using fork & exec ensures that the child processes get a
+different memory layout. If there is an information leak in one
+process it cannot be used by an attacker to find gadgets in a
+different, potentially more privileged process.

 Going back to the main function, [[https://github.com/openbsd/src/blob/3c46ceeaef274bbef234dac63245c4b6567168d7/sbin/dhcpleased/dhcpleased.c#L200][after option parsing]] we know if we
 are still in the parent process or in /engine/ or /frontend/ process: