gpg2/gnupg-gpg-agent-ulimit.patch

36 lines
1.4 KiB
Diff

gpg-agent is in the chain of commands in xinitrc.
It receives a list of commands via argv[] which it is supposed to launch via exec.
In this mode all what matters is a bunch of setenv() of gpg related variables.
At no point it must fiddle with ulimit that was provided by its callers.
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
gpg-agent does fork a child in this mode.
That child has the liberty to tweak ulimit in every way it wants.
This is what this patch does.
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
As a result, crashes of desktop applications can not be debugged.
References: bsc#1124847
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
- disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
/*
This is the child
*/
+ disable_core_dumps ();
initialize_modules ();