From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Tue, 11 Aug 2015 20:28:26 -0400
Subject: Avoid simple memory dumps via ptrace
This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.
This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.
The remaining options for debugging are:
- launch the agent from gdb directly
- connect gdb to a running agent as the superuser
Upstream bug: https://bugs.gnupg.org/gnupg/issue1211
agent/gpg-agent.c | 8 ++++++++
configure.ac | 1 +
2 files changed, 9 insertions(+)