> > > If it doesn't protect us is there practicable way to make sure we > > are > > genuinely protected short of rebooting the whole system every time > > there > > is a security update? > > Depending on what the update is. If you want to be 100% certain, > reboot. > If you don't want to reboot, you can hunt through what programs use > certain libraries using ld - however the effort taken to do this is > much > more than a reboot - and probably takes longer. >
It actually isn't that hard to track down. [root@colo-a2vm t2]# lsof -n | grep gcc hpiod 2649 root DEL REG 252,0 4718941 /lib64/libgcc_s-4.1.2-20080825.so.1;545bc2ea mysqld 2851 mysql DEL REG 252,0 4718941 /lib64/libgcc_s-4.1.2-20080825.so.1;545bc2ea libvirtd 3121 root DEL REG 252,0 4718941 /lib64/libgcc_s-4.1.2-20080825.so.1;545bc2ea yum-updat 3343 root DEL REG 252,0 4718941 /lib64/libgcc_s-4.1.2-20080825.so.1;545bc2ea smartd 3469 root DEL REG 252,0 4718941 /lib64/libgcc_s-4.1.2-20080825.so.1;545bc2ea automount 6482 root DEL REG 252,0 4718600 /lib64/libgcc_s-4.1.2-20080825.so.1.#prelink#.dvRyeN httpd 11089 root mem REG 252,0 58400 4718834 /lib64/libgcc_s-4.1.2-20080825.so.1 php 11639 ioi mem REG 252,0 58400 4718834 /lib64/libgcc_s-4.1.2-20080825.so.1 php 24239 ioi mem REG 252,0 58400 4718834 /lib64/libgcc_s-4.1.2-20080825.so.1 httpd 27057 daemon mem REG 252,0 58400 4718834 /lib64/libgcc_s-4.1.2-20080825.so.1 httpd 27058 daemon mem REG 252,0 58400 4718834 /lib64/libgcc_s-4.1.2-20080825.so.1 You can tell the processes that were not restarted as they show DEL instead of mem...