mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
337ae2374e
This avoids needing to setgid gpg-agent. It probably doesn't defend against all possible attacks, but it defends against one specific (and easy) one. If there are other protections we should do them too. This will make it slightly harder to debug the agent because the normal user won't be able to attach gdb to it directly while it runs. The remaining options for debugging are: * launch the agent from gdb directly * connect gdb to a running agent as the superuser Upstream bug: https://dev.gnupg.org/T1211 Gbp-Pq: Topic block-ptrace-on-secret-daemons Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch