Page MenuHome GnuPG
Create Task
Maniphest T4333

Job objects on Windows interfere with automatic start of gpg-agent
Closed, ResolvedPublic
Actions

Description

If a gpg.exe process is assigned to a job object, an automatically started gpg-agent.exe process inherits this association to the job object. While this is probably an uncommon situation, it can cause problems in the following scenario:

  1. The parent process creates a job object (Win32 system call CreateJobObject()).
  2. It starts gpg.exe and assigns it to the job object (AssignProcessToJobObject()).
  3. gpg.exe starts gpg-agent.exe.
  4. gpg.exe terminates.
  5. The parent process closes the job object. This terminates gpg-agent.exe similar to a kill (-process_group, SIGKILL) on Unix.

The gpg-agent process can't close and clean up its sockets. The next time gpg needs gpg-agent, it tries to connect it through the broken sockets and waits several seconds before it gives up and starts a new gpg-agent. This can considerably slow down decryptions.

Details

Version
GnuPG 2.2.12

Revisions and Commits

rG GnuPG
rGf20e9a464487 common,w32: Breakaway detached childs when in job
rG03df28b18b92 common,w32: Breakaway detached childs when in job

Related Objects
Search...

Event Timeline

jegrp created this task.Jan 21 2019, 6:58 PM
jegrp added a project: patch.Jan 21 2019, 7:06 PM

gnupg-2.2.12-w32-job.patch2 KBDownload

I've developed a simple patch that sets the CREATE_BREAKAWAY_FROM_JOB flag when creating a new background process. This flag requires a special permission on the job object, which is tested first. This means that the patch only works if the parent process sets JOB_OBJECT_LIMIT_BREAKAWAY_OK on the job object, otherwise the behavior should be as without the patch.

aheinecke claimed this task.Jan 28 2019, 7:22 PM
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

That is a very interesting problem that we did not have on our radar.

Thanks for your patch. I have to look at some documentation to understand it, but I try to have it included in the next release.

aheinecke added a subtask: T4264: Gpg4win 3.1.6.Jan 28 2019, 7:22 PM
aheinecke added a comment.Jan 28 2019, 7:24 PM

fwiw. Your patch is beautiful in which it follows our coding style and debug output. I'm confident that we will accept it but currently I have to read up on Job's a bit.

jegrp added a comment.Mar 26 2019, 6:49 PM

From: aheinecke (Andre Heinecke)
Sent: Montag, 28. Januar 2019 19:25

fwiw. Your patch is beautiful in which it follows our coding style and
debug output. I'm confident that we will accept it but currently I have
to read up on Job's a bit.

Is there a way I could help you with this? This issue is hampering adoption
of GnuPG 2 here.

--

Jan Echternach

aheinecke edited subtasks, added: T4389: Gpg4win 3.1.8; removed: T4264: Gpg4win 3.1.6.Mar 27 2019, 1:48 PM

Sorry, this did not make it into 3.1.6. But I'll definitely see about it for the next release. If it is an institutional / corporate issue you could also contract us through www.gnupg.com

aheinecke changed the task status from Open to Testing.Apr 29 2019, 9:37 AM

I've applied your patch with an additional comment to our master branch. Thanks!

aheinecke added a commit: rG03df28b18b92: common,w32: Breakaway detached childs when in job.Apr 29 2019, 9:51 AM
aheinecke closed this task as Resolved.Sep 9 2019, 11:23 AM
aheinecke closed subtask T4389: Gpg4win 3.1.8 as Resolved.Sep 9 2019, 11:27 AM
werner added a commit: rGf20e9a464487: common,w32: Breakaway detached childs when in job.Jun 8 2021, 11:12 AM
werner mentioned this in T5482: Release GnuPG 2.2.28.Jun 10 2021, 5:42 PM