Fork and exec
As documented on OpenBSD's innovations page:
"Use of fork+exec in privilege separated programs. The strategy is to give each process a fresh & unique address space for ASLR, stack protector – as protection against address space discovery attacks. Implemented first by Damien Miller (sshd(8), 2004), Claudio Jeker (bgpd(8), 2015), Eric Faurot (smtpd(8), 2016), Rafael Zalamena (various, 2016), and others."
Damien (djm) Miller indeed implemented fork + exec in openssh. This was suggested by Theo de Raadt in an OpenBSD hackathon, in
Several packages followed: eigrpd in June 2016, ldpd in May 2016.
It seems that OpenBSD was the first to add an exec after the fork for security purposes, and this is indeed an excellent idea: it reduces the amount of reusable information an attacker can infer from one execution and reuse against the next.
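As an added illustration (not code from the original page or from any OpenBSD daemon), the Python below spawns a child both ways and checks whether it shares the parent's libc address; the child script and function names are constructed for this demonstration:

```python
import ctypes
import os
import sys

# Address of one libc symbol in the calling process: the kind of value an
# attacker tries to infer once and reuse on the next run.
def libc_symbol_addr():
    libc = ctypes.CDLL(None)  # the running program's global symbol scope
    return ctypes.cast(libc.getpid, ctypes.c_void_p).value
def _read_child(read_fd, pid):  # read the address the child reports, reap it
    chunks = []
    while True:
        data = os.read(read_fd, 64)
        if not data:
            break
        chunks.append(data)
    os.close(read_fd)
    os.waitpid(pid, 0)
    return int(b"".join(chunks))
def child_addr_fork_only():
    """fork() alone: the child is a copy of the parent's mappings."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(r)
        os.write(w, str(libc_symbol_addr()).encode())
        os._exit(0)
    os.close(w)
    return _read_child(r, pid)

# Constructed stand-in for the re-exec'd unprivileged child: it just reports
# its own libc address on stdout instead of doing real work.
CHILD_SCRIPT = ("import ctypes; "
                "print(ctypes.cast(ctypes.CDLL(None).getpid, ctypes.c_void_p).value)")
def child_addr_fork_exec():
    """fork() + execv(): the kernel builds a fresh, independently randomized image."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(r)
        os.dup2(w, 1)  # child's stdout becomes the parent's pipe
        os.execv(sys.executable, [sys.executable, "-c", CHILD_SCRIPT])
        os._exit(127)  # only reached if exec failed
    os.close(w)
    return _read_child(r, pid)

def layout_shared():
    """Per strategy: does the child share the parent's libc address?"""
    parent = libc_symbol_addr()
    return {"fork_only": child_addr_fork_only() == parent,
            "fork_exec": child_addr_fork_exec() == parent}  # False when ASLR is on
```

Run layout_shared() and compare the two booleans: fork_only is always True, while fork_exec is False on a system with ASLR enabled, because exec discards the copied layout.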