[RCU] enigma binary

Nick Edwards nick.z.edwards at gmail.com
Thu Jul 21 07:02:34 CEST 2016


After sorting out proc_open by changing to the suhosin blacklist instead of the
native PHP disable, things progressed. However, I
just wiped out the config and used a fresh one, with and without $rcmail_config
or $config... I clearly have the wrong idea of the option for the path to it, as
the Roundcube error now says binary not found. Is $config['enigma_pgp_binary']
= 'path/file'; actually the right entry to use?




On Thu, Jul 21, 2016 at 1:52 PM, Nick Edwards <nick.z.edwards at gmail.com>
wrote:

> Hi Alec,
>
>
> // Enigma Plugin options
> // --------------------
>
> // A driver to use for PGP. Default: "gnupg".
> $rcmail_config['enigma_pgp_driver'] = 'gnupg';
>
> // A driver to use for S/MIME. Default: "phpssl".
> $rcmail_config['enigma_smime_driver'] = 'phpssl';
>
> // Keys directory for all users. Default 'enigma/home'.
> // Must be writeable by PHP process
> $rcmail_config['enigma_pgp_homedir'] = null;
>
> $rcmail_config['enigma_pgp_binary'] = '/opt/webmail/plugins/enigma/gpg';
>
> ^^^^^^^  This doesn't seem to change anything?
>
> [Thu Jul 21 13:44:54.060378 2016] [:error] [pid 6431:tid 2843577200]
> [client ] PHP Warning:  is_executable(): open_basedir restriction in
> effect. File(/usr/bin/gpg) is not within the allowed path(s): ( bunch of
> paths) in /opt/webmail/plugins/enigma/lib/Crypt/GPG/Engine.php on line
> 1651, referer:
> https://xxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys
>
> repeat this with attempt at /usr/local/bin/gpg
>
> then
>
> [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200]
> [client ] PHP Fatal error:  Call to undefined method
> Crypt_GPG_SubKey::usage() in
> /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437,
> referer: https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys
>
> we are using gnupg 1.4.x
>
>
> On Wed, Jul 20, 2016 at 5:52 PM, A.L.E.C <alec at alec.pl> wrote:
>
>> On 07/20/2016 09:40 AM, Nick Edwards wrote:
>> > For security purposes we disable paths and functions, is there a way we
>> > can enable the pgp binary if we move it to the enigma home directory?
>>
>> You can already set path to gpg binary via enigma_pgp_binary option.
>> However, for GnuPG 2.x you'll need to set also gpg-agent path which is
>> not yet supported by config option. You'd need to set $options['agent']
>> around
>>
>> https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_driver_gnupg.php#L87
>>
>> > We have also
>> > disable_functions = exec, shell_exec, system, virtual, show_source,
>> > passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo,
>> > parse_ini_file, eval
>>
>> Crypt_GPG uses proc_open().
>>
>> --
>> Aleksander 'A.L.E.C' Machniak
>> Kolab Groupware Developer        [http://kolab.org]
>> Roundcube Webmail Developer  [http://roundcube.net]
>> ---------------------------------------------------
>> PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
>
>
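
The two blockers discussed in this thread (a gpg path that falls outside open_basedir, and proc_open being disabled) can be checked before enabling the plugin. The following is an added example, not part of the original messages or of Roundcube's code; the function names, the sample open_basedir value, and the choice of suhosin.executor.func.blacklist as the Suhosin setting in question are assumptions.

```php
<?php
// Added example (PHP 7+). String-only checks: no filesystem calls, so the
// check cannot itself trigger an open_basedir warning. Symlinks are not resolved.

/** Split a comma-separated ini list such as disable_functions into names. */
function ini_list(string $value): array
{
    return array_filter(array_map('trim', explode(',', strtolower($value))), 'strlen');
}

/** True if $path sits under one of the open_basedir directories. */
function within_open_basedir(string $path, string $openBasedir): bool
{
    if ($openBasedir === '') {
        return true; // no restriction configured
    }
    foreach (explode(PATH_SEPARATOR, $openBasedir) as $entry) {
        // Treat each entry as a directory so /opt/webmail does not match /opt/webmail2.
        if ($entry !== '' && strpos($path, rtrim($entry, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

/** Reasons the configured gpg binary could not be started; empty array means none found. */
function enigma_preflight(string $binary, string $openBasedir, string $disabled, string $suhosin): array
{
    $problems = [];
    if ($binary === '' || $binary[0] !== '/') {
        $problems[] = "'$binary' is not an absolute path";
    } elseif (!within_open_basedir($binary, $openBasedir)) {
        $problems[] = "$binary is outside open_basedir";
    }
    foreach (['disable_functions' => $disabled, 'suhosin.executor.func.blacklist' => $suhosin] as $name => $list) {
        if (in_array('proc_open', ini_list($list), true)) {
            $problems[] = "proc_open is listed in $name";
        }
    }
    return $problems;
}

// Constructed sample values; the thread elides the real open_basedir list.
$basedir  = '/opt/webmail:/tmp';
$disabled = 'exec, shell_exec, system, passthru, proc_open, popen';
foreach (['/usr/bin/gpg', '/opt/webmail/plugins/enigma/gpg'] as $candidate) {
    $problems = enigma_preflight($candidate, $basedir, $disabled, '');
    echo $candidate, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

To check a live setup, request the script through the web server rather than the CLI (the CLI commonly loads a different php.ini) and pass `(string) ini_get('open_basedir')`, `(string) ini_get('disable_functions')` and `(string) ini_get('suhosin.executor.func.blacklist')` in place of the sample values.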