After sorting out proc_open but changing to suhosin blacklist instead native php disable, things progressed, however just wiped out the config and used fresh, with and without $rcmail_config or $config... I clearly have wrong option idea for the path to it as roundcube error now says binary not found, is $config['enigma_pgp_binary'] = 'path/file'; actually the right entry to use?
On Thu, Jul 21, 2016 at 1:52 PM, Nick Edwards <[email protected]> wrote: > Hi Alec, > > > // Enigma Plugin options > // -------------------- > > // A driver to use for PGP. Default: "gnupg". > $rcmail_config['enigma_pgp_driver'] = 'gnupg'; > > // A driver to use for S/MIME. Default: "phpssl". > $rcmail_config['enigma_smime_driver'] = 'phpssl'; > > // Keys directory for all users. Default 'enigma/home'. > // Must be writeable by PHP process > $rcmail_config['enigma_pgp_homedir'] = null; > > $rcmail_config['enigma_pgp_binary'] = '/opt/webmail/plugins/enigma/gpg'; > > ^^^^^^^ This doesn't seem to change anything? > > [Thu Jul 21 13:44:54.060378 2016] [:error] [pid 6431:tid 2843577200] > [client ] PHP Warning: is_executable(): open_basedir restriction in > effect. File(/usr/bin/gpg) is not within the allowed path(s): ( bunch of > paths) in /opt/webmail/plugins/enigma/lib/Crypt/GPG/Engine.php on line > 1651, referer: > https://xxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys > > repeat this with attempt at /usr/local/bin/gpg > > then > > [Thu Jul 21 13:44:54.093373 2016] [:error] [pid 6431:tid 2843577200] > [client ] PHP Fatal error: Call to undefined method > Crypt_GPG_SubKey::usage() in > /opt/webmail/plugins/enigma/lib/enigma_driver_gnupg.php on line 437, > referer: https://xxxxxxxxxxxxxx/?_task=settings&_action=plugin.enigmakeys > > we are using gnupg 1.4.x > > > On Wed, Jul 20, 2016 at 5:52 PM, A.L.E.C <[email protected]> wrote: > >> On 07/20/2016 09:40 AM, Nick Edwards wrote: >> > For security purposes we disable paths and functions, is there a way we >> > can enable the pgp binary if we move it to the enigma home directory? >> >> You can already set path to gpg binary via enigma_pgp_binary option. >> However, for GnuPG 2.x you'll need to set also gpg-agent path which is >> not yet supported by config option. You'd need to set $options['agent'] >> around >> >> https://github.com/roundcube/roundcubemail/blob/master/plugins/enigma/lib/enigma_driver_gnupg.php#L87 >> >> > We have also >> > disable_functions = exec, shell_exec, system, virtual, show_source, >> > passthru, escapeshellcmd, proc_open, popen, pclose, phpinfo, >> > parse_ini_file, eval >> >> Crypt_GPG uses proc_open(). >> >> -- >> Aleksander 'A.L.E.C' Machniak >> Kolab Groupware Developer [http://kolab.org] >> Roundcube Webmail Developer [http://roundcube.net] >> --------------------------------------------------- >> PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl >> _______________________________________________ >> Roundcube Users mailing list >> [email protected] >> http://lists.roundcube.net/mailman/listinfo/users >> > >
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
