openvpn server startup script broken
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Binary package hint: openvpn
Description: Ubuntu 8.10
Release: 8.10
openvpn:
Installed: 2.1~rc11-1ubuntu2
Candidate: 2.1~rc11-1ubuntu2
Version table:
*** 2.1~rc11-1ubuntu2 0
500 http://
100 /var/lib/
As of openvpn 2.1rc9 there is a new "script-security" feature.
In the file /etc/init.d/openvpn there is the following piece of code to handle it
# Handle backwards compatibility
if test -z $( grep '^[[:space:
fi
Firstly, to ensure proper backward compatibility, it should set script-security to 3, not 2, as my server using an external auth plugin would not work with it set to 2, as passwords do not get passed in the environment vars. Secondly, if you set "script-security" in the server.conf file to try and "fix" the problem, the startup script breaks with the following message.
"test: 278: 3: unexpected operator"
Cheers.
I agree using "script-security 2" isn't exactly backward-compatible but since previous versions had an insecure behavior it's a good trade-off. Passing passwords via environmental variables is... risky at best.
The rest of the bug is a dupe of bug 340120. Please follow up there.
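The failure mode in the report, reproduced as an added example (not the Ubuntu init script's code): an unquoted `test -z $( grep ... )` receives two words once the config contains a line such as `script-security 3`, which is consistent with the message quoted above. The grep pattern beyond its visible prefix, the function names and the config contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Constructed pattern: the init script's own pattern is truncated on the page.
PATTERN='^[[:space:]]*script-security[[:space:]]'

# Write a small constructed OpenVPN config; $1 is an optional extra line.
make_conf() {
    f=$(mktemp) || return 1
    printf 'port 1194\nproto udp\n%s\n' "$1" > "$f"
    echo "$f"
}

# Fragile: unquoted substitution. A match like "script-security 3" is split
# into two words, so test sees "-z script-security 3" and fails with status 2.
# Returns test's status: 0 = not set, 2 = syntax error when the option is set.
check_unquoted() {
    test -z $(grep "$PATTERN" "$1") 2>/dev/null
}

# Quoted: the match stays one word. 0 = not set, 1 = set.
check_quoted() {
    test -z "$(grep "$PATTERN" "$1")"
}

# Simplest robust form: let grep answer directly. 0 = set, 1 = not set.
has_script_security() {
    grep -q "$PATTERN" "$1"
}

# Run all three checks against a config with and without the option.
with=$(make_conf 'script-security 3')
without=$(make_conf '')
for conf in "$with" "$without"; do
    u=0; check_unquoted "$conf" || u=$?
    q=0; check_quoted "$conf" || q=$?
    g=0; has_script_security "$conf" || g=$?
    echo "unquoted=$u quoted=$q grep-q=$g"
done
rm -f "$with" "$without"
```

An init script that only adds a default `--script-security` when `has_script_security` fails keeps working whether or not the administrator sets the option in the config file.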