Your message dated Thu, 17 Aug 2006 10:17:23 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#355005: fixed in openbsd-inetd 0.20050402-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: openbsd-inetd
Version: 20040915-1
Tags: patch

As supplied, openbsd-inetd removes various things - including PATH -
from the environment of the services it runs.

I realise that this is a response to people running the init.d start
script with a stupid environment and filing bug reports, but
unfortunately it's not a correct cure.

In my opinion, all programs (including inetd services) are allowed to
assume that they get a sane environment - _including_ a nice PATH with
sbin and /usr/local (if appropriate), any other local settings,
etc. etc.  All my locally-written programs and local configuration
generally rely on this.  I arrange for it to be true by always
starting daemons (like inetd) from `su -' which ensures a correct and
sane environment.

I realise that not everyone does this, and that the question of how best
to handle the problem of daemons' environments is not settled.  For
now an ad-hoc approach taken by each daemon's maintainer is not
unreasonable (although it's not clear why this feature needed to be in
inetd's C rather than eg with `env -' in the startup script).

But in a system like mine which has a more uniformly correct approach,
I need it to not launder the environment which I have so carefully
prepared.  In particular, I need to have _some_ way of specifying (eg)
the PATH for services !  (I need to use openbsd-inetd because the
netkit one is full of races which make it break for me.)

So, I have added a new option -E which preserves the environment
completely, and which I can then put in /etc/default.  The patch is
nice and small and is below.  I had to move the call to
`discard_stupid_environment' down after the option parsing but this
looks OK to me.  It's not quite clear to me why it was that early;
nothing in the option parsing should be affected by it.

My patch also includes documentation of the new option and thus of
course documentation of the environment-laundering behaviour, which is
another improvement :-).

Regards,
Ian.


diff -ru orig/openbsd-inetd-0.20040915/debian/changelog 
openbsd-inetd-0.20040915/debian/changelog
--- orig/openbsd-inetd-0.20040915/debian/changelog      2006-03-02 
17:04:23.000000000 +0000
+++ openbsd-inetd-0.20040915/debian/changelog   2006-03-02 17:08:24.000000000 
+0000
@@ -1,3 +1,10 @@
+openbsd-inetd (0.20040915-1.0.99iwj2) unstable; urgency=low
+
+  * New -E option not to clobber the environment;
+    with documentation in inetd.8.
+
+ -- Ian Jackson <[EMAIL PROTECTED]>  Thu,  2 Mar 2006 17:08:24 +0000
+
 openbsd-inetd (0.20040915-1) unstable; urgency=low
 
   * New CVS snapshot.
Only in openbsd-inetd-0.20040915/debian: changelog~
diff -ru orig/openbsd-inetd-0.20040915/inetd.8 openbsd-inetd-0.20040915/inetd.8
--- orig/openbsd-inetd-0.20040915/inetd.8       2006-03-02 17:04:23.000000000 
+0000
+++ openbsd-inetd-0.20040915/inetd.8    2006-03-02 17:07:45.000000000 +0000
@@ -39,6 +39,7 @@
 .Nm inetd
 .Op Fl d
 .Op Fl l
+.Op Fl E
 .Op Fl R Ar rate
 .Op Ar configuration file
 .Sh DESCRIPTION
@@ -63,6 +64,13 @@
 .Bl -tag -width Ds
 .It Fl d
 Turns on debugging.
+.It Fl E
+Prevents
+.Nm inetd
+from laundering the environment.  Without this option a selection of
+environent variables believed by the authors to be harmful, including
+.Pa PATH ,
+will be removed and not inherited by services.
 .It Fl l
 Turns on libwrap connection logging. Internal services cannot be wrapped.
 When enabled,
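Review bot: the new -E entry has a typo, "environent" should be "environment". The text also says only that "a selection" of variables is removed and names just PATH; since -E switches the whole filter off, the entry should list the variables removed (or say where the list lives) and state plainly that with -E every service inherits the full environment inetd was started with.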
diff -ru orig/openbsd-inetd-0.20040915/inetd.c openbsd-inetd-0.20040915/inetd.c
--- orig/openbsd-inetd-0.20040915/inetd.c       2006-03-02 17:04:23.000000000 
+0000
+++ openbsd-inetd-0.20040915/inetd.c    2006-03-02 17:01:56.000000000 +0000
@@ -184,6 +184,7 @@
 
 int     global_queuelen = 128;
 int     debug = 0;
+int      keepenv = 0;
 int     nsock, maxsock;
 fd_set *allsockp;
 int     allsockn;
@@ -357,9 +358,8 @@
 
        initsetproctitle(argc, argv, envp);
        /* This must be called _after_ initsetproctitle */
-       discard_stupid_environment();
 
-       while ((ch = getopt(argc, argv, "dilq:R:")) != -1)
+       while ((ch = getopt(argc, argv, "dilEq:R:")) != -1)
                switch (ch) {
                case 'd':
                        debug = 1;
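Review bot: removing the discard_stupid_environment() call here leaves the comment "This must be called _after_ initsetproctitle" above a blank line with nothing left to describe. Move the comment down with the call to its new position after option parsing, so the ordering constraint stays documented next to the code it applies to.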
@@ -367,6 +367,9 @@
                case 'i':
                        nodaemon = 1;
                        break;
+               case 'E':
+                       keepenv = 1;
+                       break;
                case 'l':
 #ifdef LIBWRAP
                        lflag = 1;
@@ -404,6 +407,8 @@
        argc -= optind;
        argv += optind;
 
+       discard_stupid_environment();
+
        uid = getuid();
        if (uid != 0)
                CONFIG = NULL;
@@ -2289,6 +2294,9 @@
                };
 
        int i, k = 0;
+
+       if (keepenv)
+               return;
        for (i = 0; __environ[i]; i++) {
                int found = 0, j;
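Review bot: the keepenv test is an early return inside discard_stupid_environment(), so the call site in main() still reads as an unconditional call and does not show that -E skips it. Testing the flag at the call site, "if (!keepenv) discard_stupid_environment();", would keep the function single-purpose and make the bypass visible where the decision is made. Since the bypass is all-or-nothing, a log message at startup when keepenv is set would help anyone auditing a running inetd.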

-- 
Ian Jackson, at home.           Local/personal: [EMAIL PROTECTED]
[EMAIL PROTECTED]       http://www.chiark.greenend.org.uk/~ijackson/
Problems mailing me ?  Send [EMAIL PROTECTED] the bounce (bypasses the blocks).


--- End Message ---
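
The environment laundering discussed in the report above, and the effect of a keep-environment flag like -E, as an added example that is not part of the original message and is not openbsd-inetd's code. The denylist contents other than PATH and the names launder_env and env_lookup are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed denylist: the report names only PATH; the other entries are illustrative. */
static const char *const unsafe_vars[] = {
    "PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "IFS", NULL
};

/* Return 1 if a "NAME=value" entry names a denylisted variable. */
static int is_unsafe(const char *entry)
{
    for (size_t i = 0; unsafe_vars[i] != NULL; i++) {
        size_t n = strlen(unsafe_vars[i]);
        /* Require '=' right after the name so PATHEXT is not mistaken for PATH. */
        if (strncmp(entry, unsafe_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact env in place, dropping denylisted entries; returns the count kept.
 * With keepenv set (the -E case) every entry is kept. */
size_t launder_env(char **env, int keepenv)
{
    size_t i, k = 0;
    for (i = 0; env[i] != NULL; i++)
        if (keepenv || !is_unsafe(env[i]))
            env[k++] = env[i];
    env[k] = NULL;
    return k;
}

/* Look up NAME in env; returns its value, or NULL if absent. */
const char *env_lookup(char *const *env, const char *name)
{
    size_t n = strlen(name);
    for (; *env != NULL; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

int main(void)
{
    char *env[] = { "PATH=/usr/local/sbin:/usr/bin", "LANG=C", "PATHEXT=x", NULL }; /* constructed */
    size_t kept = launder_env(env, 0);
    printf("kept %zu, PATH %s\n", kept, env_lookup(env, "PATH") ? "present" : "removed");
    return 0;
}
```
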
--- Begin Message ---
Source: openbsd-inetd
Source-Version: 0.20050402-2

We believe that the bug you reported is fixed in the latest version of
openbsd-inetd, which is due to be installed in the Debian FTP archive:

openbsd-inetd_0.20050402-2.diff.gz
  to pool/main/o/openbsd-inetd/openbsd-inetd_0.20050402-2.diff.gz
openbsd-inetd_0.20050402-2.dsc
  to pool/main/o/openbsd-inetd/openbsd-inetd_0.20050402-2.dsc
openbsd-inetd_0.20050402-2_i386.deb
  to pool/main/o/openbsd-inetd/openbsd-inetd_0.20050402-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <[EMAIL PROTECTED]> (supplier of updated openbsd-inetd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 17 Aug 2006 18:53:39 +0200
Source: openbsd-inetd
Binary: openbsd-inetd
Architecture: source i386
Version: 0.20050402-2
Distribution: unstable
Urgency: medium
Maintainer: Marco d'Itri <[EMAIL PROTECTED]>
Changed-By: Marco d'Itri <[EMAIL PROTECTED]>
Description: 
 openbsd-inetd - The OpenBSD Internet Superserver
Closes: 355005 376716
Changes: 
 openbsd-inetd (0.20050402-2) unstable; urgency=medium
 .
   * Added a sleep command to the init script restart section.
     (Closes: #376716)
   * Added -E option not to clobber the environment, contribute by
     Ian Jackson. (Closes: #355005)
   * Priority raised to standard.
Files: 
 34358d74b676cbd612f2dd7bc9a03273 607 net standard 
openbsd-inetd_0.20050402-2.dsc
 7d0c1f52a2b3fdeb27a5742240d19817 13004 net standard 
openbsd-inetd_0.20050402-2.diff.gz
 24d6db6a27bcc3a7944757274196300a 34390 net standard 
openbsd-inetd_0.20050402-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE5KFFFGfw2OHuP7ERAtwgAJ0X6M/6o2H8Teryx7eT2ZzdqGU61gCfUVla
WQzqV0j6yDqNA4q/YvQAfGk=
=WFDL
-----END PGP SIGNATURE-----


--- End Message ---
