Re: Security implication of using force-reload instead of restart ?

To: Stefan Fritsch <sf@sfritsch.de>
Cc: debian-devel@lists.debian.org
Subject: Re: Security implication of using force-reload instead of restart ?
From: Olaf van der Spek <olafvdspek@gmail.com>
Date: Sun, 9 Jan 2011 16:11:40 +0100
Message-id: <[🔎] AANLkTinHtWMZBa4sCuH2eqM9f8n-5HWiqp0LtYwaDZc5@mail.gmail.com>
In-reply-to: <[🔎] 201101091014.49149.sf@sfritsch.de>
References: <[🔎] 201101090952.30267@blacky.localdomain> <[🔎] 201101091014.49149.sf@sfritsch.de>

On Sun, Jan 9, 2011 at 10:14 AM, Stefan Fritsch <sf@sfritsch.de> wrote:
> No. Apache unloads and reloads modules on a graceful restart, unless a
> modules takes special measures to prevent that. You can check that
> with lsof or checkrestart. But libapache2-mod-php5's behaviour is not
> optimal for other reasons (see #589386).

Shouldn't libapache2-mod-php5 be deprecated in favor of PHP via
FastCGI anyway? Would avoid this and other issues.

Olaf

Reply to:

Follow-Ups:
- Re: Security implication of using force-reload instead of restart ?
  - From: Stefan Fritsch <sf@sfritsch.de>

References:
- Security implication of using force-reload instead of restart ?
  - From: "Nikita V. Youshchenko" <yoush@debian.org>
- Re: Security implication of using force-reload instead of restart ?
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Re: DEP5: CANDIDATE and ready for use in squeeze+1
Next by Date: Re: Safe File Update (atomic)
Previous by thread: Re: Security implication of using force-reload instead of restart ?
Next by thread: Re: Security implication of using force-reload instead of restart ?
Index(es):
- Date
- Thread