On Tue, May 13, 2014 at 07:08:10PM +0200, Jason A. Donenfeld wrote: > On Mon, May 12, 2014 at 5:19 PM, Gilles Chehade <gil...@poolp.org> wrote: > > > > We have abused the term "privsep", in this particular case it's not > > really privileges separation but really vmem. space separation. The > > goal was to isolate that code from the network, it could be done in > > the lookup process (as done with first version) but it's just nicer > > for us to have this done in a standalone process. > > > The idea being to protect against heartbleed-style attacks? But not to > protect against, say, arbitrary code execution? >
yes, the process is already isolated, we don't really think there's any reason to also have a dedicated user -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org