[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libc6 (security) update does not restart system-services?

On Fri, 18 Apr 2003 13:06:07 +0900
GOTO Masanori <gotom@debian.or.jp> wrote:


> > I've recently upgraded my Woody-Servers according to the latest
> > libc6 security update (DSA-282), and it seems that services were
> > _not_ reloaded by the post-install-script!?
> > 
> > [...]
> > 
> > - /var/lib/dpkg/info/libc6.postinst checks for "$1" ==
> >   "configure"
> >   (which is the case when updating, isn't it?). If true it
> >   afterwards checks if "$2" is lower than "2.1.95-1" (I assume this
> >   corresponds to the previously installed version) and _only if this
> >   the case_ it restarts most of the services.
> > 
> > Woody comes with libc6 2.2.5-11.5, so the section about restarting
> > services is never reached.
> > 
> > This leaves the machine vulnerable as all services use the old
> > library until restarted.
> >
> > Shouldn't the services be restarted when installing a new
> > libc-version? What reasons would there be not to restart services?
> Restarting services is needed only once: upgrading from 2.2.x to
> 2.3.x.  The reason is simple.  NSS (Name Service Switch) is much
> changed, and it becomes incompatible between 2.2 and 2.3.
> So if you use woody server, not sarge, then you have no need to
> restart services.  If you use libc6 2.2.x, it's not related.

So restarting services is necessary when upgrading from 2.2.x to 2.3.x
to make sure everything works fine (as e.g. the example of xdm you
mention below). When staying with basically the same version and
"simply" doing a security-update, there are no compatability-problems,
of course, so everything keeps running smoothly.

But my concern is that running programs such as system services use the
old libraries instead of the new one as long as they continue running,
don't they? If they do the security bug is still exploitable though the
new libraries are already installed on the system.

> > If everything _is_ designed not to restart the services, I suppose
> > telling the users to take care of that theirselves would be a good
> > idea for example using a simple "echo" in the post-install script
> > (or similar).
> The restarting message is not sufficient for you?

Of course, but the message is only shown if the services _are_ to be
restarted (which is only when doing a major version update). 
Services are not restarted by the security update though I think they
should be (as stated above).

If I'm wrong, please correct me. :)

> BTW, I plan to dupload 2.3.1-17 that has preinst message to choose
> libc6 upgrade or not.  It's needed because for example xdm cannot
> authenticate after installing libc6, but we cannot restart xdm with
> postinst automatically (user's X11 session is destroyed).  I add
> messages in next 2.3.1-17 as they have to restart xdm with their hand.
> If you have requests about restarting messages, please tell me.

Though I don't know enough about the detailed processes running inside
the library packages: Sounds great. :)
Perhaps it's possible to delay installation of the libraries until the
next reboot? The user would have the chance to have the libraries
installed "instantly" (which would break xdm), "automatically at the
next reboot" (is that what you meant above?) or "not at all" at the
moment (though I currently can't think of a good reason why to do that).


The first time any man's freedom is trodden on, we're all damaged.
                       <Cpt. Picard, "The Drumhead", StarTrek TNG>


Reply to: