fork without exec needs to start being considered an unreasonable security risk.
-
-
Replying to @RichFelker
Not only is it UB in multi-threaded parents. It also limits you to blacklist model for scrubbing sensitive data, vs whitelist with fork+exec
4 replies 0 retweets 0 likes -
Replying to @RichFelker
@RichFelker Used wisely, fork w/o exec is actually a way to contain sensitive data to a temporary sub-process. popa3d and pam_tcb do that.1 reply 0 retweets 0 likes
@solardiz I don't mean you can't do smart things with fork, just that the typical uses are serious risks.
7:19 AM - 16 Jan 2015
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.