[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#151305: Needs to restart cron (and probably others) on upgrade

On 01-Jul-02, 12:05 (CDT), Steve Langasek <vorlon@netexpress.net> wrote: 
> On Sun, Jun 30, 2002 at 09:37:55PM -0700, Stephen Zander wrote:
> > >>>>> "Sam" == Sam Hartman <hartmans@debian.org> writes:
> >     Sam> What do people think about this?  I'm not sure doing a cron
> >     Sam> restart on all pam upgrades is right.
> > How else would you recover from this?  I assume the underlying problem
> > revolves around processes holding on to old libraries after new
> > libraries are installed.  As libc6 already has to deal with this issue
> > it should be relatively easy to lift code to do this for PAM libaries
> > as well.
> AIUI, the problem with glibc is that some services will fail to run
> correctly after upgrading if they are NOT restarted, whereas the problem
> with libpam is that some services will fail to run correctly after
> upgrading if they ARE restarted.  In the first case, a restart is
> desirable because we don't want to break users' machines on upgrade; but
> in the second case, restarting services is only a debugging aid for
> spotting library bugs more easily. 

In this particular instance, yes, but it does point out a general
problem with potential security implications (as Sam mentioned in
his first note): updating a shared library doesn't help any running
processes. If that process is a long-running daemon, it may be quite a
while before it gets restarted, and since many of those long-running
daemons are network servers, it's particulary troublesome. Yes, an admin
upgrading a shared library for a security alert should know how to find
and restart the affected daemons (or even just reboot), but I can
imagine a tool that 

1) looked for all the packages that Depend on a the shared library package.
2) looked through the file lists for those packages that had
/etc/init.d scripts.
3) ran /etc/init.d/foo restart (or better, the new invoke-rc.d interface).

Nope, not a complete solution, but it might be a start.


Steve Greenland

    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: