Re: Bug#151305: Needs to restart cron (and probably others) on upgrade

To: debian-devel@lists.debian.org
Subject: Re: Bug#151305: Needs to restart cron (and probably others) on upgrade
From: Steve Greenland <steveg@moregruel.net>
Date: Fri, 5 Jul 2002 08:40:34 -0500
Message-id: <[🔎] 20020705134034.GA2981@molehole.dyndns.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: Steve Greenland <steveg@moregruel.net>
In-reply-to: <[🔎] 20020701170547.GA6294@dodds.net>
References: <tsl3cv7dsrh.fsf@konishi-polis.mit.edu> <87vg8012sc.fsf@rabbit.fire-swamp.net> <[🔎] 20020701170547.GA6294@dodds.net>

On 01-Jul-02, 12:05 (CDT), Steve Langasek <vorlon@netexpress.net> wrote: 
> On Sun, Jun 30, 2002 at 09:37:55PM -0700, Stephen Zander wrote:
> > >>>>> "Sam" == Sam Hartman <hartmans@debian.org> writes:
> >     Sam> What do people think about this?  I'm not sure doing a cron
> >     Sam> restart on all pam upgrades is right.
> 
> > How else would you recover from this?  I assume the underlying problem
> > revolves around processes holding on to old libraries after new
> > libraries are installed.  As libc6 already has to deal with this issue
> > it should be relatively easy to lift code to do this for PAM libaries
> > as well.
> 
> AIUI, the problem with glibc is that some services will fail to run
> correctly after upgrading if they are NOT restarted, whereas the problem
> with libpam is that some services will fail to run correctly after
> upgrading if they ARE restarted.  In the first case, a restart is
> desirable because we don't want to break users' machines on upgrade; but
> in the second case, restarting services is only a debugging aid for
> spotting library bugs more easily. 

In this particular instance, yes, but it does point out a general
problem with potential security implications (as Sam mentioned in
his first note): updating a shared library doesn't help any running
processes. If that process is a long-running daemon, it may be quite a
while before it gets restarted, and since many of those long-running
daemons are network servers, it's particulary troublesome. Yes, an admin
upgrading a shared library for a security alert should know how to find
and restart the affected daemons (or even just reboot), but I can
imagine a tool that 

1) looked for all the packages that Depend on a the shared library package.
2) looked through the file lists for those packages that had
/etc/init.d scripts.
3) ran /etc/init.d/foo restart (or better, the new invoke-rc.d interface).

Nope, not a complete solution, but it might be a start.

Steve

-- 
Steve Greenland

    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net

-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Bug#151305: Needs to restart cron (and probably others) on upgrade
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Re: Woody status
Next by Date: Re: Woody status
Previous by thread: Re: Bug#151305: Needs to restart cron (and probably others) on upgrade
Next by thread: Re: Bug#151305: Needs to restart cron (and probably others) on upgrade
Index(es):
- Date
- Thread