Re: Bug#612752: Bind fails to start if $OPENSSL_CONF is set
On Thu, 10 Feb 2011, Ben Hutchings wrote:
> Package: bind9
> Version: 1:9.7.2.dfsg.P3-1.1
> I'm not sure whether this is a bug or my own configuration error.
>
> In interactive shells, I set $OPENSSL_CONF to point to the configuration
> file for my local CA. BIND should not use this, and indeed does not have
> permission to access it. However some part of OpenSSL initialisation
> (used for DNSSEC now?) honours it and fails due to the permission error.
> This is not logged anywhere; I had to use strace to work out where it
> failed.

We should probably start a campaign in Debian to have all init scripts
sanitize the environment of daemons they start.

I usually run initscripts using "env -i /etc/init.d/$foo start" to
achieve exactly that, but ideally the init script itself would do that.

Maybe start-stop-daemon should have an option to delete all but a
specified set of environment variables, maybe even enabled by default.

Cheers,
weasel
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
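
The allowlist approach discussed in the message above (start a daemon with all but a specified set of environment variables removed), as an added example that is not part of the original e-mail and not an existing start-stop-daemon feature. `run_with_clean_env`, `KEEP_VARS` and `SAFE_PATH` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: start a command with an allowlisted environment.
# KEEP_VARS, SAFE_PATH and run_with_clean_env are hypothetical names.

KEEP_VARS="LANG LC_ALL TZ"                 # variables allowed to pass through
SAFE_PATH="/usr/sbin:/usr/bin:/sbin:/bin"  # fixed PATH, never inherited

# run_with_clean_env CMD [ARGS...]
# Runs CMD under "env -i", so the child sees only SAFE_PATH plus those
# KEEP_VARS that are set in the caller. Everything else, OPENSSL_CONF
# included, is dropped before the daemon starts.
run_with_clean_env() {
    for _v in $KEEP_VARS; do
        # Accept only plain variable names before handing them to eval.
        case $_v in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        # Forward the variable only if it is set: prepend NAME=value to "$@".
        # The value is expanded inside eval's double quotes, so spaces and
        # quote characters in it are passed through unchanged.
        if eval "[ -n \"\${$_v+set}\" ]"; then
            eval "set -- \"\$_v=\${$_v}\" \"\$@\""
        fi
    done
    env -i PATH="$SAFE_PATH" "$@"
}

# Usage inside an init script or wrapper (illustrative):
#   run_with_clean_env /etc/init.d/$foo start
```

Unlike a bare `env -i`, this keeps locale and timezone settings the daemon may legitimately need while still discarding per-user variables from the administrator's interactive shell.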