Re: Information in DSAs on necessary restarts due to library-security-updates
On Sat, 26 Apr 2003 16:30:23 +0200
Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
Hi!
> > lsof +L1 prints every unlinked open file:
> (..)
>
> you can use a check from the Tiger security tool to do
> just this, it's called 'check_finddeleted' and will point you to the
> processes (normal ones and daemons) that are using deleted files:
[...]
Thanks both for your information. (I've just installed the cron-job
"lsof +L1 | grep dpkg-new$" reminding the admin - currently me - of
processes using an old library.)
Nevertheless, I actually wanted to propose including information about
the overall situation into the security advisories for libraries,
something like:
"Mind: Active Programs and services using this package's libraries will
NOT be restarted automatically and thus be vulnerable until you take
care of restarting them yourself! Check out [1,2] on how to find
such processes.
[1] `lsof +L1 | grep dpkg-new$`
[2]
http://savannah.nongnu.org/cgi-bin/viewcvs/tiger/tiger/scripts/check_finddeleted+?rev=1.1&content-type=text/vnd.viewcvs-markup`"
Currently, most people believe "update && upgrade" is enough and don't
do anything else. This simple hint in the DSA could save people from a
_lot_ of troubles.
Does the Debian-Security-Team read this list? (If so, please
respond :) ...)
How to contact the security-team (without writing a mail to one of them
directly)?
Thanks 'n' Cheers,
Max
--
The first time any man's freedom is trodden on, we're all damaged.
<Cpt. Picard, "The Drumhead", StarTrek TNG>
http://homex.subnet.at/~max/
Reply to: