Opened 6 years ago

Closed 6 years ago

#423 closed Bug / Defect (fixed)

/etc/init.d/openvpn relies on current directory in $PATH

Reported by: kcarson Owned by: Gert Döring
Priority: minor Milestone:
Component: Configuration Version: OpenVPN 2.3.4 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

The init script /etc/init.d/openvpn changes into the working directory ($work=/etc/openvpn) and for every "*.conf" file in that directory executes a corresponding "*.sh" script if it exists.

The problem is the way the "*.sh" script is executed. The single line in the /etc/init.d/openvpn script is written ". $bn.sh". But this can be a problem, as the script starts with "#!/bin/sh". In Linux, /bin/sh is commonly linked to a POSIX-compliant shell -- if /bin/sh is linked to /bin/bash, bash will start up in POSIX mode when started with the /bin/sh command.

POSIX doesn't search in the current directory for an executable, so unless the user executing /etc/init.d/openvpn happens to have "." in their $PATH, the /etc/openvpn/*.sh script won't be found. The simple fix is to make the /etc/init.d/openvpn script line read ". ./$bn.sh" or ". $work/$bn.sh" to explicitly specify that the script that should be executed is the one in the $work directory.

In my case, my environment is CentOS 6.5 and the output of openvpn --version is:
OpenVPN 2.3.4 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 3 2014
library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@…>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
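
The lookup behaviour described in this ticket, as an added example that is not part of the original report or of the OpenVPN init script: it sources a constructed vpn0.sh through /bin/sh by bare name and by explicit ./ path under different $PATH values. The scratch directories and file names are assumptions made for the demo, and /bin/sh is assumed to be a POSIX-mode shell (dash, or bash invoked as sh); the last case goes beyond the report and shows that a bare name resolves to a same-named file in a $PATH directory.

```sh
#!/bin/sh
# Added demo with constructed files: which file does the "." builtin read when
# /bin/sh is given a bare name versus an explicit path?

DEMO=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/work" "$DEMO/pathdir"
echo 'echo work-copy' > "$DEMO/work/vpn0.sh"     # stands in for $work/$bn.sh
echo 'echo path-copy' > "$DEMO/pathdir/vpn0.sh"  # same name in a $PATH directory

# dot_resolves PATH_VALUE OPERAND
# cd into the work directory like the init script does, then source OPERAND
# in a fresh /bin/sh. Prints the marker of the file that ran, or "not-found".
dot_resolves() {
    (
        cd "$DEMO/work" || exit 1
        # A child shell is used because a failed "." aborts a non-interactive
        # POSIX shell instead of returning an error to the caller.
        env PATH="$1" /bin/sh -c '. "$0"' "$2" 2>/dev/null || echo not-found
    )
}

SYS=/usr/bin:/bin   # assumed system PATH without "." or empty elements

echo "bare name, no '.' in PATH     : $(dot_resolves "$SYS" vpn0.sh)"
echo "explicit ./ path              : $(dot_resolves "$SYS" ./vpn0.sh)"
echo "bare name, '.' first in PATH  : $(dot_resolves ".:$SYS" vpn0.sh)"
echo "bare name, pathdir in PATH    : $(dot_resolves "$DEMO/pathdir:$SYS" vpn0.sh)"
```

Only the explicit-path form gives the same result regardless of the caller's $PATH.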

Change History (2)

comment:1 Changed 6 years ago by Gert Döring

Owner: set to Gert Döring
Status: new → accepted

I so love working around bash surprises... but anyway, I can reproduce it, and in general it's a matter of good taste to not rely on $PATH when running stuff from the local directory.

comment:2 Changed 6 years ago by Gert Döring

Resolution: fixed
Status: accepted → closed

Patch has been applied to the master and release/2.3 branches.

commit cf31d5f32197159691fa9e3e4afcfc35307702d6 (master)
commit 75c3a82e8085233306107495d6b1e0b1ab19eccf (release/2.3)
