On Sat, Aug 30, 2014 at 9:19 AM, Vladimir Mosgalin
<[log in to unmask]> wrote:
> Hi Andras Horvath!
>
>  On 2014.08.30 at 13:23:34 +0200, Andras Horvath wrote next:
>
>> Does the recent glibc update need a reboot to fully take effect?
>
> If you think the vulnerabilities
> (https://rhn.redhat.com/errata/RHSA-2014-1110.html) might be exploited
> on your system for long-running applications, you need a reboot;
> personally I think it's unlikely, because locales are loaded only at
> applications startup (and they will start with new glibc from now on),
> so "directory traveral flaw" can't be exploited, and supplying arguments
> to iconv call for already running applications like system services
> isn't likely too.
>
> On production system, I'd be satisfied with restarting long-running
> software that might use different iconv calls in runtime, like database
> server (unless it's strictly for internal use). But if you worried, do a
> full reboot, it's the only way to reload glibc for some system
> applications (okay there are technically other ways, like going into
> single user mode, restarting init then going back, but it's just not
> worth it).

In my opinion, it's well worth scheduling system upgrades with
reboots, for just this sort of reason. Between memory leaks in long
running daemons that consume resources until they crash, and the
possibility of a system configuration error or software change making
services impossible to restart unattended, I find it well worth
scheduling updates and restarts at least annually, if not more often.

In fact, in many environments, it's worth scheduling a rebuild
annually so that discarde or, legacy configurations get noticed and
brought into a testable, manageable  If you can't rebuild it from
scratch in a timely, documented fashion, you have a single point of
failure that can, and will, bite you in the bottom line.