After sorting out proc_open but changing to suhosin blacklist instead native php disable, things progressed, however
just wiped out the config and used fresh, with and without $rcmail_config or $config...  I clearly have wrong option idea for the path to it as roundcube error now says binary not found, is $config['enigma_pgp_binary'] = 'path/file'; actually the right entry to use?




On Thu, Jul 21, 2016 at 1:52 PM, Nick Edwards <nick.z.edwards@gmail.com> wrote:
Hi Alec,


// Enigma Plugin options
// --------------------

// A driver to use for PGP. Default: "gnupg".
$rcmail_config['enigma_pgp_driver'] = 'gnupg';

// A driver to use for S/MIME. Default: "phpssl".
$rcmail_config['enigma_smime_driver'] = 'phpssl';

// Keys directory for all users. Default 'enigma/home'.
// Must be writeable by PHP process
$rcmail_config['enigma_pgp_homedir'] = null;

$rcmail_config['enigma_pgp_binary'] = '/opt/webmail/plugins/enigma/gpg';

^^^^^^^  This doesn't seem to change anything?

[Thu Jul 21 13:44:54.060378 2016] [:error] [pid 6431:tid 2843577200] [client ] PHP Warning:  is_executable(): open_basedir restriction in effect. File(/usr/bin/gpg) is not within the allowed path(s): ( bunch of paths) in /opt/webmail/plugins/enigma/lib/Crypt/GPG/Engine.php on line 1651, referer: https://xxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys

repeat this with attempt at /usr/local/bin/gpg

then

[Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200] [client ] PHP Fatal error:  Call to undefined method Crypt_GPG_SubKey::usage() in /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437, referer: https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys

we are using gnupg 1.4.x


On Wed, Jul 20, 2016 at 5:52 PM, A.L.E.C <alec@alec.pl> wrote:
On 07/20/2016 09:40 AM, Nick Edwards wrote:
> For security purposes we disable paths and functions, is there a way we
> can enable the pgp binary if we move it to the enigma home directory?

You can already set path to gpg binary via enigma_pgp_binary option.
However, for GnuPG 2.x you'll need to set also gpg-agent path which is
not yet supported by config option. You'd need to set $options['agent']
around
https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_driver_gnupg.php#L87

> We have also
> disable_functions = exec, shell_exec, system, virtual, show_source,
> passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo,
> parse_ini_file, eval

Crypt_GPG uses proc_open().

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer        [http://kolab.org]
Roundcube Webmail Developer  [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users