Job objects on Windows interfere with automatic start of gpg-agent
Open, NormalPublic


If a gpg.exe process is assigned to a job object, an automatically started gpg-agent.exe process inherits this association to the job object. While this is probably an uncommon situation, it can cause problems in the following scenario:

  1. The parent process creates a job object (Win32 system call CreateJobObject()).
  2. It starts gpg.exe and assigns it to the job object (AssignProcessToJobObject()).
  3. gpg.exe starts gpg-agent.exe.
  4. gpg.exe terminates.
  5. The parent process closes the job object. This terminates gpg-agent.exe similar to a kill (-process_group, SIGKILL) on Unix.

The gpg-agent process can't close and clean up its sockets. The next time gpg needs gpg-agent, it tries to connect it through the broken sockets and waits several seconds before it gives up and starts a new gpg-agent. This can considerably slow down decryptions.


GnuPG 2.2.12
jegrp created this task.Jan 21 2019, 6:58 PM

I've developed a simple patch that sets the CREATE_BREAKAWAY_FROM_JOB flag when creating a new background process. This flag requires a special permission on the job object, which is tested first. This means that the patch only works if the parent process sets JOB_OBJECT_LIMIT_BREAKAWAY_OK on the job object, otherwise the behavior should be as without the patch.

aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

That is a very interesting problem that we did not have on our radar.

Thanks for your patch. I have to look at some documentation to understand it, but I try to have it included in the next release.

fwiw. Your patch is beautiful in which it follows our coding style and debug output. I'm confident that we will accept it but currently I have to read up on Job's a bit.