Date: Wed, 8 Mar 2017 20:52:10 -0800
From: Jeremy Evans
To: Eric Wong
Cc: unicorn-public@bogomips.org
Subject: Re: [PATCH] Add worker_exec configuration option
Message-ID: <20170309045210.GB35527@jeremyevans.local>
References: <20170308184432.GA35527@jeremyevans.local> <20170308200256.GA21719@whir>
In-Reply-To: <20170308200256.GA21719@whir>

On 03/08 08:02, Eric Wong wrote:
> Jeremy Evans wrote:
> > The worker_exec configuration option makes all worker processes
> > exec after forking. This initializes the worker processes with
> > separate memory layouts, defeating address space discovery
> > attacks on operating systems supporting address space layout
> > randomization, such as Linux, MacOS X, NetBSD, OpenBSD, and
> > Solaris.
> >
> > Support for execing workers is very similar to support for reexecing
> > the master process. The main difference is the worker's to_i and
> > master pipes also need to be inherited after worker exec just as the
> > listening sockets need to be inherited after reexec.
>
> Thanks, this seems like an acceptable feature.

Eric,

Thanks for your detailed review. I will work on an updated patch
and try to send it tomorrow or Friday.

Thanks,
Jeremy
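
The fork-versus-exec layout difference described in the quoted commit message, as an added illustration that is not part of this thread or of the unicorn patch. It assumes Linux (it reads /proc/self/maps), and the helper names `stack_top`, `forked_tops` and `execed_tops` are hypothetical.

```ruby
require 'rbconfig'

# Top address of the main-thread stack mapping in a /proc/<pid>/maps dump.
# ASLR chooses this address at exec time; fork() copies it unchanged.
def stack_top(maps_text)
  lines = maps_text.lines
  line = lines.grep(/\[stack\]/).first || lines.first
  line[/\A\h+-(\h+)/, 1]
end

def own_maps
  File.read('/proc/self/maps')
end

# Fork-only workers: every child inherits the parent's address space.
def forked_tops(count)
  count.times.map do
    rd, wr = IO.pipe
    pid = fork do
      rd.close
      wr.write(stack_top(own_maps))
      wr.close
      exit!(0) # skip at_exit handlers inherited from the parent
    end
    wr.close
    top = rd.read
    rd.close
    Process.wait(pid)
    top
  end
end

# Fork-then-exec workers: each new interpreter image gets its own layout.
def execed_tops(count)
  dump = 'print File.read("/proc/self/maps")'
  count.times.map do
    IO.popen([RbConfig.ruby, '-e', dump]) { |io| stack_top(io.read) }
  end
end

if $PROGRAM_NAME == __FILE__
  puts "parent: #{stack_top(own_maps)}"
  puts "forked: #{forked_tops(3).inspect}"   # all equal to the parent
  puts "execed: #{execed_tops(3).inspect}"   # differ when ASLR is enabled
end
```

An address leaked from one forked worker is valid in the master and in every sibling, which is the discovery attack the option is meant to defeat; after exec, a leaked address describes only the process it came from.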