Re: libc6 (security) update does not restart system-services?
At Sat, 19 Apr 2003 10:52:51 -0600,
Bob Proulx wrote:
>
> [1 <text/plain; us-ascii (quoted-printable)>]
> Bernd Eckenfels wrote:
> > or use tools like "lsof" or my package of "memstat" to find loaded
> > and deleeted libraries.
>
> I believe this process to be much to complicated to be used
> successfully in the general case. You would need to match each
> running process back to a /etc/init.d restart methodology. These
> frequently do not have a one to one mapping. You could design a new
> methodology to be added to policy which packages with running daemons
> would need to register themselves to ensure a proper restart. So much
> work would be needed to make this happen smoothly.
Well, it's hard to display package name. However
lsof | grep dpkg-new | awk '{print $1, $8}' | sort +0
make a list which describes what binary uses old libraries replaced by
dpkg. To show more user friendly, it needs to remember that what
library files are replaced, though.
> > This is also good to do on a regular interval if you update your systems for
> > no security reasons:
> >
> > - it will free memory and will make the filesystem get rid of open/deleted
> > files, which can cause problems like the inability to remount ro or messages
> > like "setting dtime of deleted inode" on fsck.
>
> Except for the uptime wars (2 years 2 weeks!, between power outs here)
> I generally reboot servers monthly. This has the added benefit that
> it also ensures that the servers will boot cleanly and an admin has
> not broken something with a manual tweak.
Well, this kind of precaution is better than to leave machines
alone...
Regards,
-- gotom
Reply to: