Re: How do people remount /usr read-only after apt-get?

Malcolm Ferguson wrote:

> 2) This makes me wonder why we don't restart affected processes after applying security patches. For instance, today's OpenSSL patch seemed to affect ssh and bind. Well, I had to restart them as part of remount /usr ro. Presumably those processes were still using a vulnerable version of the library. Ssh was doubly annoying as I had to log out and log back in ;)

Every Debian update I've installed like this has had text saying "You will need to restart all services that depend on this library".

I've never had to log out and in to restart sshd. I don't know if my connection is passed from one process to the next, or if the old process hangs on until I log out, but I've restarted it (and cycled my interfaces down and up) while connected many times (which I think is very nice!)
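
Added example, not part of the original messages: on Linux, a process that still maps the pre-upgrade copy of a library shows that file in /proc/<pid>/maps with a "(deleted)" suffix, which gives a way to list the services that still need the restart discussed in this thread. The function names and the sample mappings below are constructed for illustration.

```shell
#!/bin/sh
# List processes that still map a shared library whose on-disk file was
# replaced (for example by a package upgrade) and so still run the old code.

# stale_libs: read /proc/<pid>/maps-format text on stdin and print each
# distinct deleted shared-object path once.
# maps columns: address perms offset dev inode pathname [(deleted)]
stale_libs() {
    awk '$NF == "(deleted)" {
        path = $6
        for (i = 7; i < NF; i++) path = path " " $i   # paths with spaces
        if ((path ~ /\.so$/ || path ~ /\.so\./) && !seen[path]++) print path
    }'
}

# scan_proc: print "pid<TAB>command<TAB>library" for every running process
# that maps a deleted library. Run as root to see other users' processes.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # cat fails quietly if the process exited or is not readable
        libs=$(cat "$maps" 2>/dev/null | stale_libs)
        [ -n "$libs" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\n' "$libs" | while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$lib"
        done
    done
}

# Constructed sample: an sshd-like process after its SSL libraries were
# replaced on disk. The SysV shared-memory line must not be reported.
sample_maps() {
    cat <<'EOF'
08048000-0808c000 r-xp 00000000 03:02 12345      /usr/sbin/sshd
40017000-4004a000 r-xp 00000000 03:02 23456      /usr/lib/libssl.so.0.9.6 (deleted)
4004a000-4004d000 rw-p 00032000 03:02 23456      /usr/lib/libssl.so.0.9.6 (deleted)
4004d000-40110000 r-xp 00000000 03:02 23457      /usr/lib/libcrypto.so.0.9.6 (deleted)
40110000-40230000 r-xp 00000000 03:02 34567      /lib/libc.so.6
40230000-40231000 rw-s 00000000 00:04 0          /SYSV00000000 (deleted)
EOF
}

# Scan the live system only when asked: sh stale-libs.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc
fi
```

Any process it lists is still executing the old library code until it is restarted.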


