Package: gnupg-agent
Version: 2.0.0-5.2
Severity: normal

It is possible to ptrace (strace or gdb) the gpg-agent program. This means that if an attacker compromises any process running on behalf of a user (an MUA or a web browser) then they can ptrace gpg-agent and wait for the GPG passphrase to be given to them.
If gpg-agent was setgid then ptrace would not be permitted and security would be slightly improved.
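The credential comparison behind the setgid remark above, as an added example that is not part of the original report or of GnuPG's code: it models the UID/GID test Linux applies to an unprivileged ptrace caller, run over `/proc/<pid>/status` text, and also shows clearing the dumpable flag, a self-hardening step the report does not mention. The function names, the UID/GID values 1000 and 999, and both sample status texts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

struct ids { unsigned r, e, s; };   /* real, effective, saved */

/* Parse a "Uid:" or "Gid:" line of /proc/<pid>/status text; 0 on success. */
static int parse_ids(const char *status, const char *key, struct ids *out)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, key, klen) == 0)
            return sscanf(p + klen, "%u %u %u", &out->r, &out->e, &out->s) == 3 ? 0 : -1;
        if ((p = strchr(p, '\n'))) p++;      /* advance to the next line */
    }
    return -1;
}

/* Credential part of the kernel's ptrace access check for a caller without
 * CAP_SYS_PTRACE: every target UID and GID must equal the caller's.
 * 1 = passes, 0 = refused, -1 = parse error. Dumpable flag and LSMs (Yama) not modelled. */
int cred_check_allows_ptrace(const char *status, unsigned uid, unsigned gid)
{
    struct ids u, g;
    if (parse_ids(status, "Uid:", &u) || parse_ids(status, "Gid:", &g))
        return -1;
    return u.r == uid && u.e == uid && u.s == uid &&
           g.r == gid && g.e == gid && g.s == gid;
}

/* Self-hardening without setgid: clear the dumpable flag; returns it (0 = cleared). */
int clear_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Constructed samples: UID/GID 1000 is the user, GID 999 a dedicated agent group. */
const char PLAIN_AGENT[]  = "Name:\tgpg-agent\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n";
const char SETGID_AGENT[] = "Name:\tgpg-agent\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t999\t999\t999\n";

int main(void)
{
    printf("plain agent, same-user attach passes cred check:  %d\n", cred_check_allows_ptrace(PLAIN_AGENT, 1000, 1000));
    printf("setgid agent, same-user attach passes cred check: %d\n", cred_check_allows_ptrace(SETGID_AGENT, 1000, 1000));
    printf("dumpable flag after clearing: %d\n", clear_dumpable());
    return 0;
}
```

To audit a live process, pass the contents of its `/proc/<pid>/status` file in place of the constructed strings.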