Re: How do people remount /usr read-only after apt-get?

To: Debian-User <debian-user@lists.debian.org>
Subject: Re: How do people remount /usr read-only after apt-get?
From: Jacob Anawalt <jacob@cachevalley.com>
Date: Sat, 04 Oct 2003 00:44:13 -0600
Message-id: <[🔎] 3F7E6C3D.8020006@cachevalley.com>
In-reply-to: <BRoS.1ca.7@gated-at.bofh.it>
References: <BRoS.1ca.7@gated-at.bofh.it>

Malcolm Ferguson wrote:
[snip]

2) This makes me wonder why we don't restart affected processes afterapplying security patches. For instance, today's OpenSSL patch seemedto affect ssh and bind. Well, I had to restart them as part of remount/usr ro. Presumably those processes were still using a vulnerableversion of the library. Ssh was doubly annoying as I had to log out andlog back in ;)

Every Debian update I've installed like this has had text saying "Youwill need to restart all services that depend on this library".

I've never had to log out and in to restart sshd. I don't know if myconnection is passed from one process to the next, or if the old processhangs on until I log out, but I've restarted it (and cycled myinterfaces down and up) while connected many times (which I think isvery nice!)


--
Jacob

Reply to:

Prev by Date: Re: Recommendations for donated machines
Next by Date: Re: New OpenSSL installed -- recompilation required?
Previous by thread: How do people remount /usr read-only after apt-get?
Next by thread: spell checking with emacs-wiki
Index(es):
- Date
- Thread