On Tue, May 13, 2014 at 07:08:10PM +0200, Jason A. Donenfeld wrote: > On Mon, May 12, 2014 at 5:19 PM, Gilles Chehade <[email protected]> wrote: > > > > We have abused the term "privsep", in this particular case it's not > > really privileges separation but really vmem. space separation. The > > goal was to isolate that code from the network, it could be done in > > the lookup process (as done with first version) but it's just nicer > > for us to have this done in a standalone process. > > > The idea being to protect against heartbleed-style attacks? But not to > protect against, say, arbitrary code execution? >
yes, the process is already isolated, we don't really think there's any reason to also have a dedicated user -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
