On Tue, 2017-09-19 at 21:07 +0200, Michael Kerrisk (man-pages) wrote:

> Thanks. I applied this, and tweaked the madvise.2 text a little, to
> read as follows (please let me know if I messed anything up):
> 
>        MADV_WIPEONFORK (since Linux 4.14)
>               Present the child process with zero-filled
> memory  in  this
>               range  after  a fork(2).  This is useful in forking
> servers
>               in order to ensure that  sensitive  per-
> process  data  (for
>               example,  PRNG  seeds, cryptographic secrets, and so
> on) is
>               not handed to child processes.
> 
>               The MADV_WIPEONFORK operation can be applied
> only  to  pri‐
>               vate anonymous pages (see mmap(2)).

That looks great. Thank you, Michael!

-- 
All rights reversed