libc6 (security) update does not restart system-services?
Hi!
I've recently upgraded my Woody-Servers according to the latest
libc6 security update (DSA-282), and it seems that services were _not_
reloaded by the post-install-script!?
More detailed information:
When investigating the situation, I found out the following (if I read
everything right, please correct me if I'm wrong):
- dselect [U]pdate calls "dpkg --install new-package".
- Debian-Policy chapter 6 says that thus the new package's postinst
script is run with "configure" as the first command-line-argument.
- /var/lib/dpkg/info/libc6.postinst checks for "$1" == "configure"
(which is the case when updating, isn't it?). If true it afterwards
checks if "$2" is lower than "2.1.95-1" (I assume this corresponds to
the previously installed version) and _only if this the case_ it
restarts most of the services.
Woody comes with libc6 2.2.5-11.5, so the section about restarting
services is never reached.
This leaves the machine vulnerable as all services use the old library
until restarted.
Shouldn't the services be restarted when installing a new libc-version?
What reasons would there be not to restart services?
If everything _is_ designed not to restart the services, I suppose
telling the users to take care of that theirselves would be a good idea
for example using a simple "echo" in the post-install script (or
similar).
Thx in advance,
Max
--
The first time any man's freedom is trodden on, we're all damaged.
<Cpt. Picard, "The Drumhead", StarTrek TNG>
http://homex.subnet.at/~max/
Reply to: