
Re: libc6 (security) update does not restart system-services?



At Sat, 19 Apr 2003 10:52:51 -0600,
Bob Proulx wrote:
> 
> Bernd Eckenfels wrote:
> > or use tools like "lsof" or my package of "memstat" to find loaded
> > and deleted libraries.
> 
> I believe this process to be much too complicated to be used
> successfully in the general case.  You would need to match each
> running process back to a /etc/init.d restart methodology.  These
> frequently do not have a one to one mapping.  You could design a new
> methodology to be added to policy which packages with running daemons
> would need to register themselves to ensure a proper restart.  So much
> work would be needed to make this happen smoothly.

Well, it's hard to display the package name.  However,

    lsof | grep dpkg-new | awk '{print $1, $8}' | sort -k 1

makes a list showing which binaries use old libraries replaced by
dpkg.  To be more user friendly, though, it would need to remember
which library files were replaced.

> > This is also good to do on a regular interval if you update your systems for
> > no security reasons:
> > 
> > - it will free memory and will make the filesystem get rid of open/deleted
> > files, which can cause problems like the inability to remount ro or messages
> > like "setting dtime of deleted inode" on fsck.
> 
> Except for the uptime wars (2 years 2 weeks!, between power outs here)
> I generally reboot servers monthly.  This has the added benefit that
> it also ensures that the servers will boot cleanly and an admin has
> not broken something with a manual tweak.

Well, this kind of precaution is better than leaving machines
alone...

Regards,
-- gotom
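
Added example, not part of the original message: the lsof pipeline above matches dpkg's temporary file name, and on Linux the same information can be read from /proc/<pid>/maps, where the kernel appends "(deleted)" to a mapping whose file has been unlinked. The function names, the `--scan` switch and the sample lines (including the library version in them) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list shared libraries that a process still maps although the
# file on disk has been replaced (for instance by a libc6 security update).

# Read /proc/<pid>/maps text on stdin and print each stale library once.
# Line format: address perms offset dev inode pathname
stale_libs() {
    awk 'NF >= 6 {
        path = $6
        for (i = 7; i <= NF; i++) path = path " " $i   # names may hold spaces
        stale = sub(/ \(deleted\)$/, "", path)          # kernel marks unlinked files
        if (path ~ /dpkg-new/) stale = 1                # name the grep above looks for
        # keep shared objects only; skips /dev/zero, SysV shm and similar
        if (stale && path ~ /\.so(\.|$)/ && !seen[path]++) print path
    }'
}

# Walk /proc and print "pid command library" for every affected process.
# Run as root to see the mappings of other users' processes.
scan_proc() {
    for dir in /proc/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null) || continue
        cat "$dir/maps" 2>/dev/null | stale_libs |
            while IFS= read -r lib; do
                printf '%s %s %s\n' "${dir#/proc/}" "$name" "$lib"
            done
    done
}

# Constructed sample of one process's maps, so the script also runs offline.
sample='08048000-0804c000 r-xp 00000000 03:01 1234 /usr/sbin/exampled
40017000-40140000 r-xp 00000000 03:01 5678 /lib/libc-2.3.1.so (deleted)
40140000-40148000 rw-p 00128000 03:01 5678 /lib/libc-2.3.1.so (deleted)
40200000-40210000 r-xp 00000000 03:01 9012 /lib/libnsl-2.3.1.so
40300000-40301000 rw-s 00000000 00:04 0 /dev/zero (deleted)'

printf '%s\n' "$sample" | stale_libs
if [ "${1:-}" = "--scan" ]; then scan_proc; fi
```

The command names printed by `--scan` still have to be matched to their /etc/init.d scripts by hand, which is the mapping problem raised earlier in the thread.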
