Re: Bug#151305: Needs to restart cron (and probably others) on upgrade
On 01-Jul-02, 12:05 (CDT), Steve Langasek <vorlon@netexpress.net> wrote:
> On Sun, Jun 30, 2002 at 09:37:55PM -0700, Stephen Zander wrote:
> > >>>>> "Sam" == Sam Hartman <hartmans@debian.org> writes:
> > Sam> What do people think about this? I'm not sure doing a cron
> > Sam> restart on all pam upgrades is right.
>
> > How else would you recover from this? I assume the underlying problem
> > revolves around processes holding on to old libraries after new
> > libraries are installed. As libc6 already has to deal with this issue
> > it should be relatively easy to lift code to do this for PAM libaries
> > as well.
>
> AIUI, the problem with glibc is that some services will fail to run
> correctly after upgrading if they are NOT restarted, whereas the problem
> with libpam is that some services will fail to run correctly after
> upgrading if they ARE restarted. In the first case, a restart is
> desirable because we don't want to break users' machines on upgrade; but
> in the second case, restarting services is only a debugging aid for
> spotting library bugs more easily.
In this particular instance, yes, but it does point out a general
problem with potential security implications (as Sam mentioned in
his first note): updating a shared library doesn't help any running
processes. If that process is a long-running daemon, it may be quite a
while before it gets restarted, and since many of those long-running
daemons are network servers, it's particulary troublesome. Yes, an admin
upgrading a shared library for a security alert should know how to find
and restart the affected daemons (or even just reboot), but I can
imagine a tool that
1) looked for all the packages that Depend on a the shared library package.
2) looked through the file lists for those packages that had
/etc/init.d scripts.
3) ran /etc/init.d/foo restart (or better, the new invoke-rc.d interface).
Nope, not a complete solution, but it might be a start.
Steve
--
Steve Greenland
The irony is that Bill Gates claims to be making a stable operating
system and Linus Torvalds claims to be trying to take over the
world. -- seen on the net
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: