This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.
This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.
The remaining options for debugging are:
* launch the agent from gdb directly
* connect gdb to a running agent as the superuser
Upstream bug: https://bugs.gnupg.org/gnupg/issue1211
Gbp-Pq: Topic block-ptrace-on-agent
Gbp-Pq: Name 0002-Avoid-simple-memory-dumps-via-ptrace.patch
# include <signal.h>
#endif
#include <npth.h>
+#ifdef HAVE_PRCTL
+# include <sys/prctl.h>
+#endif
#define GNUPG_COMMON_NEED_AFLOCAL
#include "agent.h"
early_system_init ();
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* Disable ptrace on Linux without sgid bit */
+ prctl(PR_SET_DUMPABLE, 0);
+#endif
+
/* Before we do anything else we save the list of currently open
file descriptors and the signal mask. This info is required to
do the exec call properly. We don't need it on Windows. */
AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull])
AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop])
AC_CHECK_FUNCS([canonicalize_file_name])
+AC_CHECK_FUNCS([prctl])
AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])