Hi,

On Sat, May 09, 2015 at 07:55:56AM -0000, David Woodhouse wrote:
> A better approach would probably be to disable the atfork handlers in
> OpenVPN entirely since I believe we don't need them.

With the patch to #480 which moves the only "real fork()" (daemon()) to "before any crypto stuff happens", we should never do any fork() now which will cause crypto operations in the child - so, if these handlers can be disabled (or turned into "assume there will be no crypto in the child, so just plain FAIL if any is attempted"), this could be a possible avenue out of this mess...

I'm not sharing David S.'s concern about vfork() being deprecated, but if it is not actually fixing all aspects of the problem, it's not the right solution anyway - so, no need to really decide about that :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de