Am Freitag, 25. Februar 2011 schrieb Peter Palfrader: > On Thu, 10 Feb 2011, Ben Hutchings wrote: > > Package: bind9 > > Version: 1:9.7.2.dfsg.P3-1.1 > > > > I'm not sure whether this is a bug or my own configuration error. > > > > In interactive shells, I set $OPENSSL_CONF to point to the configuration > > file for my local CA. BIND should not use this, and indeed does not have > > permission to access it. However some part of OpenSSL initialisation > > (used for DNSSEC now?) honours it and fails due to the permission error. > > This is not logged anywhere; I had to use strace to work out where it > > failed. > > We should probably start a campaign in Debian to have all init scripts > sanitize the environment of daemons they start. > > I usually run initscripts using "env -i /etc/init.d/$foo start" to > achieve exactly that, but ideally the init script itself would do that. > > Maybe start-stop-daemon should have an option to delete all but a > specified set of environment variables, maybe even enabled by default. service (8) does that already. Greetings Timo
Description: This is a digitally signed message part.