36 lines
1.4 KiB
Diff
36 lines
1.4 KiB
Diff
|
gpg-agent is in the chain of commands in xinitrc.
|
||
|
|
It receives a list of commands via argv[] which it is supposed to launch via exec.
|
||
|
|
In this mode all what matters is a bunch of setenv() of gpg related variables.
|
||
|
|
At no point it must fiddle with ulimit that was provided by its callers.
|
||
|
|
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
|
||
|
|
|
||
|
|
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
|
||
|
|
|
||
|
|
gpg-agent does fork a child in this mode.
|
||
|
|
That child has the liberty to tweak ulimit in every way it wants.
|
||
|
|
This is what this patch does.
|
||
|
|
|
||
|
|
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
|
||
|
|
As a result, crashes of desktop applications can not be debugged.
|
||
|
|
|
||
|
|
References: bsc#1124847
|
||
|
|
|
||
|
|
--- a/agent/gpg-agent.c
|
||
|
|
+++ b/agent/gpg-agent.c
|
||
|
|
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
|
||
|
|
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
|
||
|
|
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
|
||
|
|
|
||
|
|
- disable_core_dumps ();
|
||
|
|
|
||
|
|
/* Set default options. */
|
||
|
|
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
|
||
|
|
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
|
||
|
|
/*
|
||
|
|
This is the child
|
||
|
|
*/
|
||
|
|
+ disable_core_dumps ();
|
||
|
|
|
||
|
|
initialize_modules ();
|
||
|
|
|