Re: DSA 2896-2 openssl - Apache 2 not detected as service to restart by postinst?

[Lupe Christoph <lupe@lupe-christoph.de>]

On Wednesday, 2014-04-09 at 12:42:16 +0200, Rob van der Putten wrote:

> AFAIK all services that use TLS + open-ssl are effected.
> I generated new keys for Apache, Asterisk, Exim and imap and
> restarted those services.
> According to a post on slashdot SSH is not effected. I don't know if
> this is correct.

It would probably be a good idea not to rely on a fixed list of services
which would exclude programs the user installed from other sources, but
use something like this:

grep libssl.so /proc/*/maps
(Assuming that libcrypto.so did not change in this update.)

I admit that mapping the list of processes to services is hard, so the
best way would probably be to filter the list by known executables and
list the unknowns for the user to restart by hand.

Lupe Christoph
-- 
| The politician's syllogism:                                            |
|     We must do something                                               |
|     This is something                                                  |
|     Therefore, we must do this.                                        |