Fork and exec
As documented on OpenBSD’s innovations page:
Use of fork+exec in privilege separated programs. The strategy is to give each process a fresh & unique address space for ASLR, stack protector – as protection against address space discovery attacks. Implemented first by Damien Miller (sshd(8), 2004), Claudio Jeker (bgpd(8), 2015), Eric Faurot (smtpd(8), 2016), Rafael Zalamena (various, 2016), and others.
It seems that OpenBSD was the first to add an exec after the fork for security purposes, and this is indeed an excellent idea: it reduces the amount of information an attacker can infer and reuse between different executions.
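The difference between a forked child and a forked-then-exec'd child, as an added example that is not code from the original page or from OpenBSD: each child reports where its AT_RANDOM bytes live (stack ASLR) and their first 8 bytes (the seed libc uses for the stack-protector canary). It assumes Linux (getauxval, /proc/self/exe) and GCC or Clang; the PRIVSEP_CHILD variable and the use of fd 3 as the report channel are hypothetical choices made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example. Assumes Linux + GCC/Clang; PRIVSEP_CHILD and fd 3 are hypothetical. */
struct view { unsigned long addr, seed; };

/* AT_RANDOM: 16 random bytes the kernel places on the new stack at execve();
 * libc derives the stack-protector canary from them. addr reflects stack ASLR. */
struct view my_view(void) {
    struct view v = { getauxval(AT_RANDOM), 0 };
    if (v.addr) memcpy(&v.seed, (void *)v.addr, sizeof v.seed);
    return v;
}

/* Child side: send our view to the parent over fd 3 and exit. */
static void report(void) {
    struct view v = my_view();
    _exit(write(3, &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
}

/* A re-exec'd child enters here before main() and never reaches it. */
__attribute__((constructor)) static void child_entry(void) {
    if (getenv("PRIVSEP_CHILD")) report();
}

/* Start a child with fork() only (reexec=0) or fork()+exec (reexec=1) and
 * return what it observed; all-zero on failure. */
struct view child_view(int reexec) {
    struct view v = {0, 0};
    int p[2];
    if (pipe(p) != 0) return v;
    pid_t pid = fork();
    if (pid == 0) {
        if (dup2(p[1], 3) < 0) _exit(126);
        if (!reexec) report();            /* still the parent's memory image */
        setenv("PRIVSEP_CHILD", "1", 1);
        execl("/proc/self/exe", "privsep-child", (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(p[1]);
    if (read(p[0], &v, sizeof v) != (ssize_t)sizeof v) memset(&v, 0, sizeof v);
    close(p[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return v;
}

int main(void) {
    struct view me = my_view(), f = child_view(0), e = child_view(1);
    printf("parent    addr=%#lx seed=%016lx\n", me.addr, me.seed);
    printf("fork      addr=%#lx seed=%016lx\n", f.addr, f.seed);
    printf("fork+exec addr=%#lx seed=%016lx\n", e.addr, e.seed);
    return 0;
}
```

The fork-only line repeats the parent's values, so anything leaked from one such child describes the parent and every sibling; the fork+exec line shows a new seed on every run.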