gpgme's override-session-key property leaks into the process table
Werner Koch
wk at gnupg.org
Wed Nov 16 10:20:13 CET 2016
On Wed, 16 Nov 2016 07:22, dkg at fifthhorseman.net said:
> Fixing this would probably require fixing gpg itself
> (e.g. --override-session-key-fd or --override-session-key-envvar) and
> then adjusting how it's invoked in gpgme.
Both done. Thus when using gnupg 2.1.16 the session key will be set with
--override-session-key-fd. I added qwarning notes for use with older
gpg versions.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161116/92640428/attachment-0001.sig>
More information about the Gnupg-devel
mailing list