Your message dated Tue, 03 Oct 2017 15:12:41 +0200
with message-id <[email protected]>
and subject line Re: openvpn: can't shed privileges if using connect-script
has caused the Debian Bug report #476704,
regarding openvpn: can't shed privileges if using connect-script
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
476704: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openvpn
Version: 2.1~rc7-1
Severity: important
In a low privilege, dynamic setup with:
...
user nobody
client-connect some-script.sh
current (and maybe previous) openvpn sheds privileges before executing
script. But unfortunately, path on script's $1 is relative to his pwd.
So in debian, with daemon started per default on --cd /etc/openvpn, this
option become unusable unless i override it with explicit --cd in my
conf file.
I'm also not so happy to have nobody generated config snippets on /tmp,
so i'd rather prefer a /var/run/openvpn owned by openvpn user, where
write temporary conf files.
In any case, i think this can have a note on README.Debian, making
easier to understand for client-connect wannabes like me :P
cheers,
ale
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openvpn depends on:
ii cdebconf [debconf-2.0] 0.130 Debian Configuration Management Sy
ii debconf [debconf-2.0] 1.5.20 Debian configuration management sy
ii libc6 2.7-10 GNU C Library: Shared libraries
ii liblzo2-2 2.02-3 data compression library
ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8g-8 SSL shared libraries
openvpn recommends no packages.
-- debconf information:
openvpn/change_init: false
openvpn/change_init2: false
openvpn/create_tun: false
* openvpn/stop2upgrade: false
openvpn/default_port:
--- End Message ---
--- Begin Message ---
Hello,
first thank you for spending your time helping to make Debian better
with this bug report.
This bug was filled against release 2.1~rc7-1. At Debian the last
supported release is 2.4.0-6.
So I close this 9 years old bug.
If the bug still occurs please file a new bug.
CU
Jörg
PS.: [email protected] ends with Domain not found
--
New:
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key : 8CA1D25D
CAcert Key S/N : 0E:D4:56
Old pgp Key: BE581B6E (revoked since 2014-12-31).
Jörg Frings-Fürst
D-54470 Lieser
Threema: SYR8SJXB
Wire: @joergfringsfuerst
Skype: joergpenguin
Ring: jff
IRC: [email protected]
[email protected]
My wish list:
- Please send me a picture from the nature at your home.
signature.asc
Description: This is a digitally signed message part
--- End Message ---
