diff --git a/privsep.org b/privsep.org index efad96d..c0a001c 100644 --- a/privsep.org +++ b/privsep.org @@ -427,10 +427,13 @@ flags =-E= and =-F= control if the child process runs as /frontend/ or execvp(argv0, argv); #+end_src -Using fork & exec ensures that the child processes get a different -memory layout. If there is an information leak in one process it -cannot be used by an attacker to find gadgets in a different, -potentially more privileged process. +We used to only fork child processes, which is good enough for +privilege separation. [[https://github.com/openbsd/src/commit/13ff36d2c36132325d9cc409c0621ef948f1e2e3][It then occurred to us that the child process +will have the same memory layout and use the same stack protector +cookies.]] Using fork & exec ensures that the child processes get a +different memory layout. If there is an information leak in one +process it cannot be used by an attacker to find gadgets in a +different, potentially more privileged process. Going back to the main function, [[https://github.com/openbsd/src/blob/3c46ceeaef274bbef234dac63245c4b6567168d7/sbin/dhcpleased/dhcpleased.c#L200][after option parsing]] we know if we are still in the parent process or in /engine/ or /frontend/ process:
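Review bot: in the added paragraph the stack protector cookie point is raised but never closed out; the sentence that follows ("If there is an information leak in one process it cannot be used by an attacker to find gadgets ...") only covers code addresses, so the reader is left to infer why the cookies matter. Suggest extending "Using fork & exec ensures that the child processes get a different memory layout." to also say that each exec'd child gets its own stack protector cookie, so a cookie leaked from one process is useless against another. The closing "it cannot be used by an attacker" also claims more than the mechanism delivers: re-exec removes the shared layout and shared cookie, it does not make every leak harmless, so "cannot directly be used" or "is of no help in locating gadgets" would be more accurate. Minor: the org link wraps an entire sentence ("It then occurred to us that ... stack protector cookies."), so on the rendered page nothing tells the reader what the linked commit is; shortening the link text to a phrase, or adding a brief parenthetical identifying it as the commit that switched to fork & exec, would make the reference self-explanatory.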