How to authenticate permissions of a local user?

[David Pick]

> <snip>
> 
> The problem is the passphrase for the local network authentication
> script.  I'm not sure how to get it to GPG without giving it to the
> users (which would defeat the whole purpose of the authentication
> script).
> 
> My initial intent was that I would have a setuid script which would read
> in the passphrase from a file which is only readable by the owner of the
> authentication script.  It would then fork & exec GPG, redirecting its
> stdin & stdout to allow the authentication script to send the passphrase
> and the command to be signed.  I now see that GPG is taking its I/O from
> the tty instead of stdin/stdout, so I can't do that.
> 
> There may very well be a security hole here which I have overlooked if I
> was able to pull this off (feel free to point it out if so).
> 
> Does anyone have any suggestions?  Alternate solutions?
> 
> Thanks in advance for any help.

Passphrases are really intended to certify the identity of the user running
the command - and need to be interactive. There *is* an option "--passphrase-fd"
which allows you to specify that the passphrase should be read from that
(numeric) FD, but the documentation *also* says "Don't use this option if
you can avoid it". Since you say you'd put the passphrase in a file only
readably by the SUID script, an alternative would be to use a key *without*
a passphrase stored in a keyring only readable by the SUID script. This is
equivalent in terms of the protection it gives.

-- 
	David Pick