gpg2/gnupg-gpg-agent-ulimit.patch
Pedro Monreal Gonzalez 637188eb82 Accepting request 678281 from home:olh:branches:Base:System
- Allow coredumps in X11 desktop sessions (bsc#1124847)
  gpg-agent unconditionally disables coredumps, which is not
  supposed to happen in the code path that does just exec(argv[])
  gnupg-gpg-agent-ulimit.patch

OBS-URL: https://build.opensuse.org/request/show/678281
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=221
2019-02-26 17:21:53 +00:00

36 lines
1.4 KiB
Diff

gpg-agent is in the chain of commands in xinitrc.
It receives a list of commands via argv[] which it is supposed to launch via exec.
In this mode all what matters is a bunch of setenv() of gpg related variables.
At no point it must fiddle with ulimit that was provided by its callers.
In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session.
Every code path before the fork() call does no sensitive things, so coredumps do not matter.
gpg-agent does fork a child in this mode.
That child has the liberty to tweak ulimit in every way it wants.
This is what this patch does.
Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process.
As a result, crashes of desktop applications can not be debugged.
References: bsc#1124847
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1049,7 +1049,6 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL);
- disable_core_dumps ();
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
@@ -1738,6 +1737,7 @@ main (int argc, char **argv )
/*
This is the child
*/
+ disable_core_dumps ();
initialize_modules ();