[Pkg-exim4-users] regenerating certificates

Marc Haber mh+pkg-exim4-users at zugschlus.de
Fri May 23 21:47:38 UTC 2008


On Fri, May 23, 2008 at 11:39:22AM -0700, Ross Boylan wrote:
> On Fri, 2008-05-23 at 18:26 +0200, Marc Haber wrote:
> > On Mon, May 19, 2008 at 11:05:21AM -0700, Ross Boylan wrote:
> > > Attached.  It looks as if it's trying to access ~/.rnd, though there may
> > > be others before that.
> > 
> > > 14507 open("~/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
> > > 14507 write(2, "unable to write \'random state\'\n", 31) = 31
> > 
> > I can just guess that openssl does not grok the ~ notation. Can you
> > try hacking and replace
> > RANDFILE = ~/.rnd
> > with
> > RANDFILE = $HOME/.rnd
> > and see if the error persists.
> Good guess!  That solves the problem.  The error message does not appear
> on the terminal, and the strace shows /root/.rnd being accessed without
> problem.
> 
> I'm a little surprised it ran at all; maybe it falls back to some
> standard system source of entropy?  Is the old configuration a security
> risk?

To my understanding, it's only an entropy cache which is used to
provide a better seed to the rnd. I have committed the fix to svn.

> Maybe it only happens in some environments.  I logged in as myself, and
> then sux'd to root before running the script.

And I used sudo -H.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
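
The failure in the quoted strace, reproduced as an added C example (not part of the original thread, OpenSSL, or the exim4 packaging): tilde expansion is done by shells, so a literal `~/.rnd` handed to open(2) is a relative path below a directory named `~`. The helper `expand_tilde` and the scratch directory under /tmp are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hand the path to open(2) unchanged; return 0 or the errno value. */
static int try_open(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Hypothetical helper: expand a leading "~/" from $HOME, as a shell would.
 * Returns -1 if HOME is unset or the result does not fit in out. */
static int expand_tilde(const char *in, char *out, size_t outlen)
{
    const char *home = getenv("HOME");
    int tilde = strncmp(in, "~/", 2) == 0;
    if (tilde && (home == NULL || *home == '\0'))
        return -1;
    int n = snprintf(out, outlen, "%s%s", tilde ? home : "", tilde ? in + 1 : in);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed scenario: a scratch directory is both cwd and $HOME. Returns
 * errno from the literal path; *fixed gets the result for the expanded one. */
static int demo(int *fixed)
{
    char tmpl[] = "/tmp/rndXXXXXX", path[PATH_MAX] = "";
    if (!mkdtemp(tmpl) || chdir(tmpl) != 0 || setenv("HOME", tmpl, 1) != 0)
        return -1;
    int literal = try_open("~/.rnd");  /* no directory named "~" exists here */
    *fixed = expand_tilde("~/.rnd", path, sizeof path) ? -1 : try_open(path);
    unlink(path);
    rmdir(tmpl);
    return literal;
}

int main(void)
{
    int fixed = -1, literal = demo(&fixed);
    printf("literal ~/.rnd: errno %d, expanded path: %s\n", literal, fixed ? "failed" : "ok");
    return 0;
}
```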


