Bernd Eckenfels wrote: > GOTO Masanori wrote: > > So everytime we have to restart all binaries which use a library > > involving security-problem. In additionm this problem affects not > > only debian packages, but user-built binaries. > > Well, this is why it is most often described in the security advisory. It seems to me that while there is the reputation "Rebooting is for adding new hardware" that sometimes rebooting is also for security and other updates. I have been training people that Debian does not *force* a reboot at the time that the update is made but allows the admin to schedule a reboot at their convenience for critical library updates such as glibc, use your judgement. Coming from other system which force a reboot for almost any update this is seen as a breath of fresh air. (No, amazingly I am not talking about MS here, but rather HPUX which has many gratuitous reboots when swinstall'ing updates.) > To be shure one can eighter use "init 1" and get back to multi user > mode, Basically moving through 'init 1' is almost the same as a reboot. It just preserves your uptime stats. :-) I would not move through 'init 1' programatically. > or use tools like "lsof" or my package of "memstat" to find loaded > and deleeted libraries. I believe this process to be much to complicated to be used successfully in the general case. You would need to match each running process back to a /etc/init.d restart methodology. These frequently do not have a one to one mapping. You could design a new methodology to be added to policy which packages with running daemons would need to register themselves to ensure a proper restart. So much work would be needed to make this happen smoothly. > This is also good to do on a regular interval if you update your systems for > no security reasons: > > - it will free memory and will make the filesystem get rid of open/deleted > files, which can cause problems like the inability to remount ro or messages > like "setting dtime of deleted inode" on fsck. Except for the uptime wars (2 years 2 weeks!, between power outs here) I generally reboot servers monthly. This has the added benefit that it also ensures that the servers will boot cleanly and an admin has not broken something with a manual tweak. Bob
Attachment:
pgp4a46z7nFcJ.pgp
Description: PGP signature