User actions

Posted Nov 28, 2008 11:06 UTC (Fri) by sasha (subscriber, #16070)
Parent article: Distribution advisories

I also miss information about user actions in many advisories. For example, when I have a vulnerability in Apache, I just update the package (following the instructions from the advisory), and Apache is restarted automatically. OK.

When I update a browser, to get the problem fixed I should tell all the users to restart their browsers. Usually, this information is not present in the security alert from the distributor.

Things get worse when a security problem is fixed in a library. I've got an update for libxml. I've installed the new package. What should I do next? After some thought, I guess I must restart all applications using libxml. How should I find these applications? Well, I can do it, but I think that it would be useful to include in the advisory something like: "After installing the updated package, you should restart all applications using this library. For the average user, a restart of your Gnome/KDE session will be sufficient."



User actions

Posted Nov 29, 2008 2:41 UTC (Sat) by jmm (subscriber, #34596)

Debian has a dedicated script to detect applications that need a restart: checkrestart from the debian-goodies package.

User actions

Posted Dec 1, 2008 10:12 UTC (Mon) by sasha (subscriber, #16070)

Thank you very much, I did not know about checkrestart. But I see a lot of false positives in its output: a deleted file which is open in a process does not mean that the process should be restarted. For example, imapd & apache on my system are always shown as "need to be restarted", even when freshly restarted. A similar problem exists with sshd (as "sshd restart" does not kill client sessions).

However, my point was about the content of the security alert. I've never seen a DSA which tells you something like "After the libxml upgrade, use checkrestart to find the processes which should be restarted. Before such a restart, the vulnerability is not really fixed on your system". All alerts pretend that the problem is fixed by the package upgrade.
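
An added example, not code from checkrestart or from any commenter in this thread: a heuristic check for the situation discussed above, reporting only shared objects that a process still has mapped executable from a replaced file, and ignoring other deleted files it merely holds open. It assumes the Linux `/proc/<pid>/maps` format; the function names and the sample lines are constructed for illustration.

```python
import os
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(r"^\S+\s+(?P<perms>\S{4})\s+\S+\s+\S+\s+\d+\s+(?P<path>/.*)$")
DELETED = " (deleted)"  # suffix the kernel appends once the mapped file is unlinked
SHARED_OBJECT = re.compile(r"\.so(\.[0-9]+)*$")

def stale_libraries(maps_text):
    """Return shared objects mapped executable whose on-disk file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or "x" not in m.group("perms"):
            continue  # anonymous mapping, or a data-only mapping (locks, shm)
        path = m.group("path")
        if path.endswith(DELETED) and SHARED_OBJECT.search(path[: -len(DELETED)]):
            stale.add(path[: -len(DELETED)])
    return stale

def scan_proc(proc="/proc"):
    """Map pid -> stale libraries for every process the caller may read."""
    result = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "maps")) as fh:
                libs = stale_libraries(fh.read())
        except OSError:  # process exited, or permission denied
            continue
        if libs:
            result[int(pid)] = libs
    return result

# Constructed sample: libxml2 upgraded under a running process that also
# holds a deleted lock file and a SysV shared-memory segment.
SAMPLE_MAPS = """\
08048000-08052000 r-xp 00000000 08:01 1234 /usr/sbin/exampled
b7c00000-b7d20000 r-xp 00000000 08:01 5678 /usr/lib/libxml2.so.2.6.32 (deleted)
b7d20000-b7d25000 rw-p 00120000 08:01 5678 /usr/lib/libxml2.so.2.6.32 (deleted)
b7e00000-b7e10000 rw-s 00000000 00:09 0 /SYSV00000000 (deleted)
b7f00000-b7f01000 rw-s 00000000 08:01 9999 /tmp/exampled.lock (deleted)
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, " ".join(sorted(libs)))
```

Run as root to see every process; an unprivileged run reports only the processes the caller is allowed to read.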

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds