Date: Wed, 28 Jan 2015 20:48:42 +1100
Content-Type: multipart/signed
On 28/01/2015 8:35 PM, John Rowe wrote:
> I'm sure many people will have seen the recent security update on
> gethostbyname(), etc. Apparently exim can be vulnerable to this.

Yes it is.

> This raises the question: does updating a library package actually
> protect systems from the vulnerability or do daemons continue to use the
> (insecure) version of the library call they linked at start up?

The program (exim in this case) uses a function in the library. It will
continue to use the library that was present when the program started
until you restart the program.

> And indeed, if yum updates a daemon due to security fixes does the
> daemon restart?

By default, package updates won't restart running programs. This is a
manual step.

> If it doesn't protect us is there a practicable way to make sure we are
> genuinely protected short of rebooting the whole system every time there
> is a security update?

Depending on what the update is. If you want to be 100% certain, reboot.
If you don't want to reboot, you can hunt through what programs use
certain libraries using ld - however the effort taken to do this is much
more than a reboot - and probably takes longer.
--
Steven Haigh
Email: [log in to unmask]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
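
An added example, not part of the message above: one way to list the running processes that still map the pre-update copy of a library, so that only those need restarting. It assumes a Linux /proc where /proc/PID/maps marks an unlinked file with "(deleted)" and that the package update replaced the library file rather than rewriting it in place; the function name stale_lib_pids is hypothetical.

```bash
#!/bin/bash
# stale_lib_pids [PROC_ROOT] [PATTERN]   (hypothetical helper name)
# For each process under PROC_ROOT (default /proc), print "PID<TAB>path" for
# every shared object it still has mapped although the file was unlinked,
# which is what the old copy of a library looks like after a package update.
# PATTERN is an awk regex matched against the path (default "." = any library).
stale_lib_pids() {
    local proc_root="${1:-/proc}" pattern="${2:-.}"
    local maps pid
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue            # process exited, or no such file
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # maps line: address perms offset dev inode pathname [(deleted)]
        awk -v pid="$pid" -v pat="$pattern" '
            NF >= 7 && $NF == "(deleted)" && $(NF-1) ~ /\.so/ &&
            $(NF-1) ~ pat && !seen[$(NF-1)]++ {
                print pid "\t" $(NF-1)
            }' "$maps" 2>/dev/null || continue  # unreadable without root: skip
    done
    return 0
}

# Run a live scan only when asked to: ./script --scan [PATTERN]
if [ "${1:-}" = "--scan" ]; then
    stale_lib_pids /proc "${2:-.}"
fi
```

Run it as root with `--scan libc` to see every process, since an unprivileged user can only read the maps of their own processes.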