Applied.
FYI, secure memory requires setuid, something most applications aren't
or shouldn't be.
2008-01-15 Simon Josefsson <[EMAIL PROTECTED]>
* lib/gc-libgcrypt.c (gc_init): Disable secure memory by default.
Applications that requires it should initialize libgcrypt
manually.
diff --git a/lib/gc-libgcrypt.c b/lib/gc-libgcrypt.c
index a147d44..bec7b76 100644
--- a/lib/gc-libgcrypt.c
+++ b/lib/gc-libgcrypt.c
@@ -1,5 +1,5 @@
/* gc-libgcrypt.c --- Crypto wrappers around Libgcrypt for GC.
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008 Simon Josefsson
*
* This file is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
@@ -46,6 +46,9 @@ gc_init (void)
err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P);
if (err == GPG_ERR_NO_ERROR)
{
+ if (gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0))
+ return GC_INIT_ERROR;
+
if (gcry_check_version (GCRYPT_VERSION) == NULL)
return GC_INIT_ERROR;
