[RCU] enigma binary
nick.z.edwards at gmail.com
Thu Jul 21 07:02:34 CEST 2016
After sorting out proc_open but changing to suhosin blacklist instead
native php disable, things progressed, however
just wiped out the config and used fresh, with and without $rcmail_config
or $config... I clearly have wrong option idea for the path to it as
roundcube error now says binary not found, is $config['enigma_pgp_binary']
= 'path/file'; actually the right entry to use?
On Thu, Jul 21, 2016 at 1:52 PM, Nick Edwards <nick.z.edwards at gmail.com>
> Hi Alec,
> // Enigma Plugin options
> // --------------------
> // A driver to use for PGP. Default: "gnupg".
> $rcmail_config['enigma_pgp_driver'] = 'gnupg';
> // A driver to use for S/MIME. Default: "phpssl".
> $rcmail_config['enigma_smime_driver'] = 'phpssl';
> // Keys directory for all users. Default 'enigma/home'.
> // Must be writeable by PHP process
> $rcmail_config['enigma_pgp_homedir'] = null;
> $rcmail_config['enigma_pgp_binary'] = '/opt/webmail/plugins/enigma/gpg';
> ^^^^^^^ This doesn't seem to change anything?
> [Thu Jul 21 13:44:54.060378 2016] [:error] [pid 6431:tid 2843577200]
> [client ] PHP Warning: is_executable(): open_basedir restriction in
> effect. File(/usr/bin/gpg) is not within the allowed path(s): ( bunch of
> paths) in /opt/webmail/plugins/enigma/lib/Crypt/GPG/Engine.php on line
> 1651, referer:
> repeat this with attempt at /usr/local/bin/gpg
> [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200]
> [client ] PHP Fatal error: Call to undefined method
> Crypt_GPG_SubKey::usage() in
> /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437,
> referer: https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys
> we are using gnupg 1.4.x
> On Wed, Jul 20, 2016 at 5:52 PM, A.L.E.C <alec at alec.pl> wrote:
>> On 07/20/2016 09:40 AM, Nick Edwards wrote:
>> > For security purposes we disable paths and functions, is there a way we
>> > can enable the pgp binary if we move it to the enigma home directory?
>> You can already set path to gpg binary via enigma_pgp_binary option.
>> However, for GnuPG 2.x you'll need to set also gpg-agent path which is
>> not yet supported by config option. You'd need to set $options['agent']
>> > We have also
>> > disable_functions = exec, shell_exec, system, virtual, show_source,
>> > passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo,
>> > parse_ini_file, eval
>> Crypt_GPG uses proc_open().
>> Aleksander 'A.L.E.C' Machniak
>> Kolab Groupware Developer [http://kolab.org]
>> Roundcube Webmail Developer [http://roundcube.net]
>> PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
>> Roundcube Users mailing list
>> users at lists.roundcube.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users