[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#612752: Bind fails to start if $OPENSSL_CONF is set

On Thu, 10 Feb 2011, Ben Hutchings wrote:

> Package: bind9
> Version: 1:9.7.2.dfsg.P3-1.1

> I'm not sure whether this is a bug or my own configuration error.
> 
> In interactive shells, I set $OPENSSL_CONF to point to the configuration
> file for my local CA.  BIND should not use this, and indeed does not have
> permission to access it.  However some part of OpenSSL initialisation
> (used for DNSSEC now?) honours it and fails due to the permission error.
> This is not logged anywhere; I had to use strace to work out where it
> failed.

We should probably start a campaign in Debian to have all init scripts
sanitize the environment of daemons they start.

I usually run initscripts using "env -i /etc/init.d/$foo start" to
achieve exactly that, but ideally the init script itself would do that.

Maybe start-stop-daemon should have an option to delete all but a
specified set of environment variables, maybe even enabled by default.

Cheers,
weasel
-- 
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
Reply to: