From: Mark Kettenis
Subject: Re: libtls: a step towards privsep by default
To: "Theo de Raadt"
Cc: julo.chrobak@gmail.com, tech@openbsd.org
Date: Sat, 13 Apr 2024 18:41:12 +0200

> From: "Theo de Raadt"
> Date: Sat, 13 Apr 2024 10:32:56 -0600
>
> If I understand this proposal, it is that libtls would eventually
> start to call fork.
>
> I think it is not a good idea to have libraries that call fork
> themselves. It is something that a program should be responsible
> for, not a library. Programs handle process hierarchies and the
> consequences of having children, and this should not be a surprising
> feature of using a library.

100% agree.

A long time ago I did some work on implementing grantpt() in glibc using a setuid helper program. Let's say I was young and naive... But it didn't end well.