[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#612752: Bind fails to start if $OPENSSL_CONF is set

Am Freitag, 25. Februar 2011 schrieb Peter Palfrader:
> On Thu, 10 Feb 2011, Ben Hutchings wrote:
> > Package: bind9
> > Version: 1:9.7.2.dfsg.P3-1.1
> > 
> > I'm not sure whether this is a bug or my own configuration error.
> > 
> > In interactive shells, I set $OPENSSL_CONF to point to the configuration
> > file for my local CA.  BIND should not use this, and indeed does not have
> > permission to access it.  However some part of OpenSSL initialisation
> > (used for DNSSEC now?) honours it and fails due to the permission error.
> > This is not logged anywhere; I had to use strace to work out where it
> > failed.
> We should probably start a campaign in Debian to have all init scripts
> sanitize the environment of daemons they start.
> I usually run initscripts using "env -i /etc/init.d/$foo start" to
> achieve exactly that, but ideally the init script itself would do that.
> Maybe start-stop-daemon should have an option to delete all but a
> specified set of environment variables, maybe even enabled by default.

service (8) does that already.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: