As part of the arc4random() suite we need a guaranteed way that we can effectively zero data in a child process. For example, with arc4random() we want to make sure that our child doesn't inherit the PRNG state that we have in the parent. Unfortunately atfork() interfaces are a bad fit for several reasons:
- It is not guaranteed that atfork() will fire from a signal handler
- atfork() handlers do not fire when forkall() is used
While we could try to create a new atfork like interface that always fired, this ends up having its own series of challenges. This adds a private memcntl interface to allow us to do this. It, importantly, only works on anonymous privately mapped memory, limiting the potential scope and impact in a way that corresponds to the uses of it.