It seems to me this all depends on the order of things you do to
create a daemon. You could make sure the RNG is inited, chroot,
and then fork for instance. And I suspect there are actually
programs that do it in that order.
Yes.
I think the safest thing is for us to not change the default. Programs that
know they are going to fork can do the right/safe thing. It would be nicer if
we could automatically always do the right thing, but I don’t think it’s
possible.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
