Give more information why we fork & exec, pointed out by kurtm.
parent 76dedab468
commit f1fbf312bd
11
privsep.org
@ -427,10 +427,13 @@ flags =-E= and =-F= control if the child process runs as /frontend/ or
|
|||||||
|
|
||||||
execvp(argv0, argv);
|
execvp(argv0, argv);
|
||||||
#+end_src
|
#+end_src
|
||||||
Using fork & exec ensures that the child processes get a different
|
We used to only fork child processes, which is good enough for
|
||||||
memory layout. If there is an information leak in one process it
|
privilege separation. [[https://github.com/openbsd/src/commit/13ff36d2c36132325d9cc409c0621ef948f1e2e3][It then occurred to us that the child process
|
||||||
cannot be used by an attacker to find gadgets in a different,
|
will have the same memory layout and use the same stack protector
|
||||||
potentially more privileged process.
|
cookies.]] Using fork & exec ensures that the child processes get a
|
||||||
|
different memory layout. If there is an information leak in one
|
||||||
|
process it cannot be used by an attacker to find gadgets in a
|
||||||
|
different, potentially more privileged process.
|
||||||
|
|
||||||
Going back to the main function, [[https://github.com/openbsd/src/blob/3c46ceeaef274bbef234dac63245c4b6567168d7/sbin/dhcpleased/dhcpleased.c#L200][after option parsing]] we know if we
|
Going back to the main function, [[https://github.com/openbsd/src/blob/3c46ceeaef274bbef234dac63245c4b6567168d7/sbin/dhcpleased/dhcpleased.c#L200][after option parsing]] we know if we
|
||||||
are still in the parent process or in /engine/ or /frontend/ process:
|
are still in the parent process or in /engine/ or /frontend/ process:
|
||||||
|
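Review bot: The added text names two things a forked child shares with its parent, the memory layout and the stack protector cookies, but the sentence that follows ("Using fork & exec ensures that the child processes get a different memory layout.") only resolves the first. State there whether exec also gives each child fresh stack protector cookies, so the reader is not left wondering if that half of the problem remains. As a style point, the org link description now wraps an entire sentence across three lines; linking a short phrase such as "It then occurred to us" would keep the paragraph easier to re-fill and the link target easier to spot.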