On Mon, May 12, 2014 at 5:19 PM, Gilles Chehade <gil...@poolp.org> wrote: > > We have abused the term "privsep", in this particular case it's not > really privileges separation but really vmem. space separation. The > goal was to isolate that code from the network, it could be done in > the lookup process (as done with first version) but it's just nicer > for us to have this done in a standalone process.
The idea being to protect against heartbleed-style attacks? But not to protect against, say, arbitrary code execution?
