openvpn server startup script broken

Bug #379412 reported by Enrico Zanolin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
openvpn (Ubuntu) | New | Undecided | Unassigned |

Bug Description

Binary package hint: openvpn

Description: Ubuntu 8.10
Release: 8.10

openvpn:
  Installed: 2.1~rc11-1ubuntu2
  Candidate: 2.1~rc11-1ubuntu2
  Version table:
 *** 2.1~rc11-1ubuntu2 0
        500 http://192.168.253.253 intrepid/main Packages
        100 /var/lib/dpkg/status

As of openvpn 2.1rc9 there is a new "script-security" feature.

In the file /etc/init.d/openvpn there is the following piece of code to handle it:

    # Handle backwards compatibility
    if test -z $( grep '^[[:space:]]*script-security[[:space:]]' $CONFIG_DIR/$NAME.conf ) ; then
        script_security="--script-security 2"
    fi

Firstly, to ensure proper backward compatibility, it should set script-security to 3, not 2, as my server using an external auth plugin would not work with it set to 2, as passwords do not get passed in the environment vars. Secondly, if you set "script-security" in the server.conf file to try and "fix" the problem, the startup script breaks with the following message:

"test: 278: 3: unexpected operator"

Cheers.
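
Added example, not part of the original report or of the Ubuntu init script: a reproduction of the quoted check next to a variant that tests grep's exit status instead of word-splitting its output. The function names, the two sample configs and the `grep -q` variant are assumptions made for illustration; the variant is one possible correction, not necessarily the fix that was shipped.

```shell
#!/bin/sh
# Constructed sample configs: one without the directive, one that sets it.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'port 1194\nproto udp\n' > "$tmp/old.conf"
printf 'port 1194\nscript-security 3\n' > "$tmp/new.conf"

PATTERN='^[[:space:]]*script-security[[:space:]]'

# The check as quoted from /etc/init.d/openvpn (hypothetical wrapper name).
# The command substitution is unquoted, so a matching line such as
# "script-security 3" is split into two words and test sees
# "-z script-security 3", which is not a valid expression.
legacy_check() {
    if test -z $( grep "$PATTERN" "$1" ) ; then
        echo "--script-security 2"
    fi
}

# Assumed correction: let grep's exit status decide, so the matched text
# never reaches test and cannot be word-split.
fixed_check() {
    if ! grep -q "$PATTERN" "$1" ; then
        echo "--script-security 2"
    fi
}

# Show what each check emits (stdout and stderr) for both configs.
for conf in "$tmp/old.conf" "$tmp/new.conf"; do
    echo "== $(basename "$conf")"
    echo "legacy: [$(legacy_check "$conf" 2>&1)]"
    echo "fixed:  [$(fixed_check "$conf")]"
done
```

Both checks add the default when the directive is absent; only the legacy one prints a test error when the administrator has set `script-security` explicitly.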

Thierry Carrez (ttx) wrote:

I agree using "script-security 2" isn't exactly backward-compatible but since previous versions had an insecure behavior it's a good trade-off. Passing passwords via environmental variables is... risky at best.

The rest of the bug is a dupe of bug 340120. Please follow up there.
