On 28/01/2015 8:35 PM, John Rowe wrote:
> I'm sure many people will have seen the recent security update on
> gethostbyname(), etc. Apparently exim can be vulnerable to this.

Yes it is.

> This raises the question: does updating a library package actually
> protect systems from the vulnerability or do daemons continue to use the
> (insecure) version of the library call they linked at start up?

The program (exim in this case) uses a function in the library. It will
continue to use the library that was present when the program started
until you restart the program.

> And indeed, if yum updates a daemon due to security fixes does the
> daemon restart?

By default, package updates won't restart running programs. This is a
manual step.

> If it doesn't protect us is there a practicable way to make sure we are
> genuinely protected short of rebooting the whole system every time there
> is a security update?

Depending on what the update is. If you want to be 100% certain, reboot.
If you don't want to reboot, you can hunt through what programs use
certain libraries using ld - however the effort taken to do this is much
more than a reboot - and probably takes longer.

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
