libc6 (security) update does not restart services?
I've recently upgraded my Woody-Servers according to the latest
libc6 security update (DSA-282), and it seems that services were _not_
reloaded by the post-install-script!?
More detailed information:
When investigating this "case", I found out the following (if I read
everything right, please correct me if I'm wrong):
- dselect [U]pdate calls "dpkg --install new-package".
- Debian-Policy chapter 6 says that thus the new package's postinst
script is run with "configure" as the first command-line-argument.
- /var/lib/dpkg/info/libc6.postinst checks for "$1" == "configure"
(which is the case when updating, isn't it?). If true it afterwards
checks if "$2" is lower than "2.1.95-1" (I assume this corresponds to
the previously installed version) and _only if this the case_ it
restarts most of the services.
Woody comes with libc6 2.2.5-11.5, so the section about restarting
services is never reached.
This leaves the machine vulnerable as all services use the old library
Shouldn't the services be restarted when installing a new libc-version?
What reasons would there be not to restarted services?
If everything _is_ designed not to restart the services, I suppose
telling the users to take care of that theirselves would be a good idea
within the post-install script (or similar).
Thx in advance,
The first time any man's freedom is trodden on, we're all damaged.
<Cpt. Picard, "The Drumhead", StarTrek TNG>