How to authenticate permissions of a local user?

David Pick D.M.Pick@qmw.ac.uk
Wed, 16 Jun 1999 18:09:28 +0100



> <snip>
>
> The problem is the passphrase for the local network authentication
> script. I'm not sure how to get it to GPG without giving it to the
> users (which would defeat the whole purpose of the authentication
> script).
>
> My initial intent was that I would have a setuid script which would read
> in the passphrase from a file which is only readable by the owner of the
> authentication script. It would then fork & exec GPG, redirecting its
> stdin & stdout to allow the authentication script to send the passphrase
> and the command to be signed. I now see that GPG is taking its I/O from
> the tty instead of stdin/stdout, so I can't do that.
>
> There may very well be a security hole here which I have overlooked if I
> was able to pull this off (feel free to point it out if so).
>
> Does anyone have any suggestions? Alternate solutions?
>
> Thanks in advance for any help.
Passphrases are really intended to certify the identity of the user running the command - and need to be interactive. There *is* an option "--passphrase-fd" which allows you to specify that the passphrase should be read from that (numeric) FD, but the documentation *also* says "Don't use this option if you can avoid it". Since you say you'd put the passphrase in a file only readably by the SUID script, an alternative would be to use a key *without* a passphrase stored in a keyring only readable by the SUID script. This is equivalent in terms of the protection it gives. -- David Pick