Index: b/agent/gpg-agent.c
===================================================================
--- b/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -48,6 +48,9 @@
 # include <signal.h>
 #endif
 #include <npth.h>
+#ifdef HAVE_PRCTL
+# include <sys/prctl.h>
+#endif
 
 #define GNUPG_COMMON_NEED_AFLOCAL
 #include "agent.h"
@@ -705,6 +708,11 @@
   struct assuan_malloc_hooks malloc_hooks;
 
   early_system_init ();
+  
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+  /* Disable ptrace on Linux without sgid bit */
+  prctl(PR_SET_DUMPABLE, 0);
+#endif
 
   /* Before we do anything else we save the list of currently open
      file descriptors and the signal mask.  This info is required to
Index: b/configure.ac
===================================================================
--- b/configure.ac
+++ b/configure.ac
@@ -1249,6 +1249,7 @@
 AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
 AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop])
 AC_CHECK_FUNCS([canonicalize_file_name])
+AC_CHECK_FUNCS([prctl])
 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
 AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])