PHP-gnupg in jail - apache and tty

Gót András andrej at antiszoc.hu
Sat Jan 14 09:06:34 UTC 2012


Hello,

Currently I'm facing a wierd problem. I should have an environment in a 
jail where a PHP script (with pecl-gnupg) is able to sign messages with 
PGP. However it turned out, that PGP needs a tty in the jail, which is 
available if I use tmux or ssh login to the jail and signing from shell 
works. From the apache-php side, I got a "data signing failed" and 
nothing more useful. Of course I tried ktrace, but I couldn't find 
anything useful. I know that Apache should have a real login shell if 
php-gnupg is used, so it has one. (Yes I know it's bad, but it's a 
dedicated environment for this web application only.)

On Linux I could do a tty with mknod in a chroot and signing worked 
with php-gnupg.

Anyone has any idea to start with?

Thanks,
Andras


More information about the freebsd-stable mailing list