
libc6 (security) update does not restart system-services?



Hi!

I've recently upgraded my Woody-Servers according to the latest
libc6 security update (DSA-282), and it seems that services were _not_
reloaded by the post-install-script!?

More detailed information:

When investigating the situation, I found out the following (if I read
everything right, please correct me if I'm wrong):

- dselect [U]pdate calls "dpkg --install new-package".
- Debian-Policy chapter 6 says that thus the new package's postinst
  script is run with "configure" as the first command-line-argument.
- /var/lib/dpkg/info/libc6.postinst checks for "$1" == "configure"
  (which is the case when updating, isn't it?). If true it afterwards
  checks if "$2" is lower than "2.1.95-1" (I assume this corresponds to
  the previously installed version) and _only if this is the case_ it
  restarts most of the services.

Woody comes with libc6 2.2.5-11.5, so the section about restarting
services is never reached.

This leaves the machine vulnerable as all services use the old library
until restarted.

Shouldn't the services be restarted when installing a new libc-version?
What reasons would there be not to restart services?
If everything _is_ designed not to restart the services, I suppose
telling the users to take care of that themselves would be a good idea
for example using a simple "echo" in the post-install script (or
similar).

Thx in advance,
Max

-- 
The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>

http://homex.subnet.at/~max/
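
Added example, not part of the original post: a shell check for the condition the message describes, processes that keep the pre-upgrade libc mapped until they are restarted. It assumes a Linux /proc in which mappings of a file that was replaced on disk are marked "(deleted)"; the function names and the sample maps data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux /proc, where a
# mapping of a file that was replaced on disk is marked "(deleted)".

# maps_has_stale_libc FILE: succeed if the maps-format FILE has an
# executable mapping of a replaced libc (libc-2.2.5.so, libc.so.6, ...).
maps_has_stale_libc() {
    awk '
        # fields: address perms offset dev inode pathname "(deleted)"
        $2 ~ /x/ && $NF == "(deleted)" {
            n = split($6, part, "/")
            if (part[n] ~ /^libc[-.]/) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# stale_libc_pids [PROCDIR]: print "PID COMMAND" for each process that
# still runs on the old libc. PROCDIR defaults to /proc.
stale_libc_pids() {
    procdir=${1:-/proc}
    for maps in "$procdir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # exited, or not ours to read
        maps_has_stale_libc "$maps" || continue
        piddir=${maps%/maps}
        comm=$(cat "$piddir/comm" 2>/dev/null || echo '?')
        echo "${piddir##*/} $comm"
    done
}

# make_sample_proc DIR: constructed sample data, two fake processes.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    echo sshd > "$1/101/comm"; echo cron > "$1/202/comm"
    # 101 was started before the upgrade, 202 after it.
    cat > "$1/101/maps" <<'EOF'
08048000-08080000 r-xp 00000000 03:01 4711 /usr/sbin/sshd
40020000-40135000 r-xp 00000000 03:01 1234 /lib/libc-2.2.5.so (deleted)
40135000-4013b000 rw-p 00114000 03:01 1234 /lib/libc-2.2.5.so (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
08048000-08050000 r-xp 00000000 03:01 4712 /usr/sbin/cron
40020000-40135000 r-xp 00000000 03:01 5678 /lib/libc-2.2.5.so
40140000-40145000 r-xp 00000000 03:01 9012 /lib/libcrypt-2.2.5.so (deleted)
EOF
}
```

Calling `stale_libc_pids` as root after the upgrade lists the services that still need a restart; an unprivileged user only sees their own processes.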


