gpgme's override-session-key property leaks into the process table

Werner Koch wk at
Wed Nov 16 10:20:13 CET 2016

On Wed, 16 Nov 2016 07:22, dkg at said:

> Fixing this would probably require fixing gpg itself
> (e.g. --override-session-key-fd or --override-session-key-envvar) and
> then adjusting how it's invoked in gpgme.

Both done.  Thus when using gnupg 2.1.16 the session key will be set with
--override-session-key-fd.  I added qwarning notes for use with older
gpg versions.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161116/92640428/attachment-0001.sig>

More information about the Gnupg-devel mailing list