Another way that a distro can mitigate this (and other) attacks on a
user process like gpg-agent is by installing it with the setgid bit
set. The Linux kernel will prevent ptrace attacks on such a process in
a race-free manner.

For example, ssh-agent already does exactly this:
ian@draal~ [i]> ls -l /usr/bin/ssh-agent
-rwxr-sr-x 1 root ssh 350232 Mar 23 11:32 /usr/bin/ssh-agent*
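
A check for the condition described in the message above, as an added example that is not part of the original email or of any Debian package: it reports whether a binary's setgid bit will actually take effect on exec, covering two cases `ls -l` alone does not settle (setgid without group-execute, and a `nosuid` mount). The default path is the one from the listing; the function names and `AUDIT_*` flags are made up for this example.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

/* Hypothetical flag names for this example's result bitmask. */
#define AUDIT_SETGID_EXEC 0x1  /* regular file with S_ISGID and S_IXGRP */
#define AUDIT_NOSUID      0x2  /* mounted nosuid: set-id bits ignored on exec */

/* exec only changes the effective gid when S_ISGID and S_IXGRP are both set. */
int mode_grants_setgid_exec(mode_t mode)
{
    return S_ISREG(mode) && (mode & S_ISGID) && (mode & S_IXGRP);
}

/* Returns a bitmask of AUDIT_* flags, or -1 if the path cannot be examined. */
int audit_binary(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    int flags = 0;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return -1;
    if (mode_grants_setgid_exec(st.st_mode))
        flags |= AUDIT_SETGID_EXEC;
    if (vfs.f_flag & ST_NOSUID)
        flags |= AUDIT_NOSUID;
    return flags;
}

/* 1 only if the bit is present and the mount does not neutralise it. */
int setgid_protection_effective(int flags)
{
    return flags >= 0 && (flags & AUDIT_SETGID_EXEC) && !(flags & AUDIT_NOSUID);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/ssh-agent";
    int flags = audit_binary(path);
    if (flags < 0) {
        perror(path);
        return 2;
    }
    printf("%s: setgid-exec=%d nosuid-mount=%d effective=%d\n", path, !!(flags & AUDIT_SETGID_EXEC),
           !!(flags & AUDIT_NOSUID), setgid_protection_effective(flags));
    return setgid_protection_effective(flags) ? 0 : 1;
}
```

Pass the installed path of the agent binary as the first argument; the exit status is 0 only when the setgid bit is set and the filesystem honours it.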

