security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity
gnupg/agent
History
Daniel Kahn Gillmor 337ae2374e Avoid simple memory dumps via ptrace 
This avoids needing to setgid gpg-agent.  It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one.  If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

 * launch the agent from gdb directly
 * connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
2019-07-20 14:16:19 -04:00
..
agent.h agent: Stop scdaemon after reload when disable_scdaemon. 2019-05-27 09:01:55 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
cache.c agent: Make the request origin a part of the cache items. 2018-03-27 08:40:58 +02:00
call-pinentry.c agent: Clear bogus pinentry cache, when it causes an error. 2019-02-06 16:54:14 +09:00
call-scd.c agent: Stop scdaemon after reload when disable_scdaemon. 2019-05-27 09:01:55 +02:00
ChangeLog-2011 Fix typos 2015-10-28 10:20:17 +01:00
command-ssh.c agent: For SSH key, don't put NUL-byte at the end. 2019-05-21 09:15:41 +02:00
command.c Return better error code for some getinfo IPC commands. 2019-06-03 16:33:50 +02:00
cvt-openpgp.c agent: Make the request origin a part of the cache items. 2018-03-27 08:40:58 +02:00
cvt-openpgp.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
divert-scd.c agent: Fix for suggested Libgcrypt use. 2019-02-25 08:49:31 +01:00
findkey.c agent: correct length for uri and comment on 64-bit big-endian platforms 2019-05-14 10:34:13 +02:00
genkey.c agent: Make the request origin a part of the cache items. 2018-03-27 08:40:58 +02:00
gpg-agent-w32info.rc w32: Add icons and version information. 2013-05-07 21:35:48 +02:00
gpg-agent.c Avoid simple memory dumps via ptrace 2019-07-20 14:16:19 -04:00
keyformat.txt doc: Fix Dijkstra 2017-12-08 07:40:06 +01:00
learncard.c agent: Fix returning GPG_ERR_NOT_FOUND wrongly. 2017-11-02 17:04:03 +01:00
Makefile.am tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
pkdecrypt.c Spelling fixes in docs and comments. 2017-04-28 10:06:33 +09:00
pksign.c agent: Minor cleanup (mostly for documentation). 2017-07-28 10:38:57 +02:00
preset-passphrase.c Fix usage of ARGPARSE_OPTS. 2017-07-19 13:41:18 +09:00
protect-tool.c agent: Make the request origin a part of the cache items. 2018-03-27 08:40:58 +02:00
protect.c agent: Make the S2K calibration time runtime configurable. 2018-12-11 18:14:38 +01:00
t-protect.c agent: Fix description of shadow format. 2017-12-08 09:19:50 +09:00
trans.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
trustlist.c Spelling fixes in docs and comments. 2017-04-28 10:06:33 +09:00
w32main.c agent: Resolve conflict of util.h. 2017-03-07 19:22:48 +09:00
w32main.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00