[openssl-dev] Work on a new RNG for OpenSSL
Salz, Rich
rsalz at akamai.com
Fri Aug 18 18:47:47 UTC 2017
It seems to me this all depends on the order of things you do to
create a daemon. You could make sure the RNG is inited, chroot,
and then fork for instance. And I suspect there are actually
programs that do it in that order.
Yes.
I think the safest thing is for us to not change the default. Programs that know they are going to fork can do the right/safe thing. It would be nicer if we could automatically always do the right thing, but I don’t think it’s possible.
More information about the openssl-dev
mailing list