
Re: glibc 2.3.1-1 needs restarting network services



Michael Stone <mstone@debian.org> writes:

> On Sat, Oct 19, 2002 at 07:37:46AM -0200, Henrique de Moraes Holschuh wrote:
> >Not that it matters, since Goto already said they would add the restart
> >code anyway.
> 
> What we really need is a general mechanism for either restarting or
> warning about *any* program that has a problematic library open. (Cf.
> the problems people had when a recent libssl security upgrade required
> a restart of e.g., apache-ssl -- or a locally compiled copy of
> apache-ssl. It doesn't make sense for a library maintainer to keep a
> list of problematic programs, because such a list will never be
> comprehensive.

Perhaps something as simple as mimicking lsof[0] and doing something
clever with the output, such as determining which init.d/-script belongs
to which service, restarting these, warning about the rest of the unknown
processes using the old files, and so on.

This is especially true for security updates, because after a fresh
glibc security update my system looks like this:

lady:~# lsof +L1
COMMAND     PID USER  FD   TYPE DEVICE SIZE NLINK  NODE NAME
devfsd       35 root mem    DEL    9,3          0 63515 /lib/ld-2.2.5.so.dpkg-new
devfsd       35 root mem    DEL    9,3          0 63521 /lib/libdl-2.2.5.so.dpkg-new
devfsd       35 root mem    DEL    9,3          0 63518 /lib/libc-2.2.5.so.dpkg-new
devfsd       35 root mem    DEL    9,3          0 63524 /lib/libnss_compat-2.2.5.so.dpkg-new
devfsd       35 root mem    DEL    9,3          0 63523 /lib/libnsl-2.2.5.so.dpkg-new
(..repeat for portmap, syslogd, klogd, rpc.statd, sshd, etc).

I always check lsof after installing new library packages, but I believe
a normal user will probably happily run dist-upgrade, get new packages
from security.d.o, and go about his life thinking he's «safe». Quite
likely he never even read the DSA which I guess recommends restarting
services.

[0] Or making lsof Essential: yes, of course. ;-)

-- 
Tore Anderson
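
The approach suggested in the message above, as an added example (not code from the thread or from any Debian package): it parses a listing in the `lsof +L1` column layout, selects memory-mapped shared libraries whose link count is 0, and splits the affected commands into init scripts to restart and processes to warn about. The sample rows, the `INIT_SCRIPTS` map and the `myhttpd` command are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the `lsof +L1` listing quoted above.
SAMPLE = """\
COMMAND     PID USER  FD   TYPE DEVICE SIZE NLINK  NODE NAME
devfsd       35 root mem    DEL    9,3          0 63515 /lib/ld-2.2.5.so.dpkg-new
devfsd       35 root mem    DEL    9,3          0 63518 /lib/libc-2.2.5.so.dpkg-new
sshd        212 root mem    DEL    9,3          0 63518 /lib/libc-2.2.5.so.dpkg-new
sshd        840 root mem    DEL    9,3          0 63518 /lib/libc-2.2.5.so.dpkg-new
syslogd     101 root   3w   REG    9,3  812     0 70001 /var/log/old.log
myhttpd     977 www  mem    DEL    9,3          0 63518 /lib/libc-2.2.5.so.dpkg-new
"""

# Hypothetical command -> init script map; on a real system this would be
# derived from package metadata rather than hard-coded.
INIT_SCRIPTS = {"sshd": "/etc/init.d/ssh", "syslogd": "/etc/init.d/sysklogd"}

LIB_RE = re.compile(r"\.so(\.|$)")  # shared objects, incl. "*.so.dpkg-new"

def stale_library_users(lsof_text):
    """Return {command: {"pids": set, "libs": set}} for mapped, unlinked libraries."""
    users = defaultdict(lambda: {"pids": set(), "libs": set()})
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 9:
            continue                                 # truncated or blank line
        # SIZE may be empty, so index NLINK and NAME from the right-hand side.
        command, pid, fd, nlink, name = parts[0], parts[1], parts[3], parts[-3], parts[-1]
        if fd == "mem" and nlink == "0" and LIB_RE.search(name):
            users[command]["pids"].add(int(pid))
            users[command]["libs"].add(name)
    return dict(users)

def plan(lsof_text, init_scripts):
    """Split affected commands into scripts to restart and processes to warn about."""
    users = stale_library_users(lsof_text)
    restart = sorted({init_scripts[c] for c in users if c in init_scripts})
    warn = {c: sorted(u["pids"]) for c, u in users.items() if c not in init_scripts}
    return restart, warn

if __name__ == "__main__":
    restart, warn = plan(SAMPLE, INIT_SCRIPTS)
    for script in restart:
        print("restart:", script)
    for command, pids in sorted(warn.items()):
        print("warning: %s (pid %s) still maps replaced libraries" % (command, pids))
```

Commands without an entry in the map, such as a locally compiled daemon, end up in the warning list instead of being silently skipped, which is the case the quoted message raises about library maintainers' lists never being comprehensive.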



