From 2c63b13e3d1007ded5eafc65b446ab801e39e1d2 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Tue, 19 Sep 2017 20:38:29 +0200 Subject: [PATCH] madvise.2: Some tweaks to Rik's MADV_WIPEONFORK patch Reviewed-by: Rik van Riel Signed-off-by: Michael Kerrisk --- man2/madvise.2 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/man2/madvise.2 b/man2/madvise.2 index 19d838cfb..5b382e446 100644 --- a/man2/madvise.2 +++ b/man2/madvise.2 @@ -410,13 +410,14 @@ regardless of memory pressure. .\" commit d2cd9ede6e193dd7d88b6d27399e96229a551b19 Present the child process with zero-filled memory in this range after a .BR fork (2). -This is useful for per-process data in forking servers that should be -re-initialized in the child process after a fork, for example PRNG seeds, -cryptographic secrets, etc. +This is useful in forking servers in order to ensure +that sensitive per-process data +(for example, PRNG seeds, cryptographic secrets, and so on) +is not handed to child processes. .IP The .B MADV_WIPEONFORK -operation can only be applied to private anonymous pages (see +operation can be applied only to private anonymous pages (see .BR mmap (2)). .TP .BR MADV_KEEPONFORK " (since Linux 4.14)"
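Review bot: in the reworded MADV_WIPEONFORK paragraph, the new sentence "is not handed to child processes" drops the point the removed lines made, that this data "should be re-initialized in the child process after a fork". For the PRNG seed example that is the part a reader needs: the child is presented with zero-filled memory, so it has to notice the wiped state and reseed before use, otherwise it runs on an all-zero seed. Suggest keeping the new confidentiality wording and appending a clause such as "the child must re-initialize such data before using it", so the page covers both the non-disclosure and the re-initialization requirement.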