Re: How do people remount /usr read-only after apt-get?
Malcolm Ferguson wrote:
2) This makes me wonder why we don't restart affected processes after
applying security patches. For instance, today's OpenSSL patch seemed
to affect ssh and bind. Well, I had to restart them as part of remount
/usr ro. Presumably those processes were still using a vulnerable
version of the library. Ssh was doubly annoying as I had to log out and
log back in ;)
Every Debian update I've installed like this has had text saying "You
will need to restart all services that depend on this library".
I've never had to log out and in to restart sshd. I don't know if my
connection is passed from one process to the next, or if the old process
hangs on until I log out, but I've restarted it (and cycled my
interfaces down and up) while connected many times (which I think is