Re: Security implication of using force-reload instead of restart ?
The same problem occurs with all libraries and is really the responsibility of the sysadmin to deal with. Install debian-goodies and run checkrestart after every relevant upgrade. For desktop users the upgrade software can help, for example PackageKit: http://blogs.gnome.org/hughsie/2007/08/23/packagekit-requiring-a-restart/ -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktim9vat9tt3er2uhdziox-nw_xm-nimatdkju...@mail.gmail.com
Re: Security implication of using force-reload instead of restart ?
On Sunday 09 January 2011, Nikita V. Youshchenko wrote: I've just noticed that on libapache2-mod-php5 package upgrade, apache server was not restartted (but only HUPed because of force-reload called from libapache2-mod-php5 postinst) Doesn't this mean that running apache has still old version of php module loaded, so it still is vulnerable to issues fixed in php update? No. Apache unloads and reloads modules on a graceful restart, unless a modules takes special measures to prevent that. You can check that with lsof or checkrestart. But libapache2-mod-php5's behaviour is not optimal for other reasons (see #589386). Is this a severity serious bug? Perhaps same situation exists with other package combinations as well? Normally I recommend using restart in module packages. Maintainer of module packages should check the behaviour of their module before deviating from that. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201101091014.49149...@sfritsch.de
Re: Security implication of using force-reload instead of restart ?
On Sun, Jan 9, 2011 at 10:14 AM, Stefan Fritsch s...@sfritsch.de wrote: No. Apache unloads and reloads modules on a graceful restart, unless a modules takes special measures to prevent that. You can check that with lsof or checkrestart. But libapache2-mod-php5's behaviour is not optimal for other reasons (see #589386). Shouldn't libapache2-mod-php5 be deprecated in favor of PHP via FastCGI anyway? Would avoid this and other issues. Olaf -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinhtwmzba4scuh2eqm9f8n-5hwiqp0ltywad...@mail.gmail.com
Re: Security implication of using force-reload instead of restart ?
On Sunday 09 January 2011, Olaf van der Spek wrote: On Sun, Jan 9, 2011 at 10:14 AM, Stefan Fritsch s...@sfritsch.de wrote: No. Apache unloads and reloads modules on a graceful restart, unless a modules takes special measures to prevent that. You can check that with lsof or checkrestart. But libapache2-mod-php5's behaviour is not optimal for other reasons (see #589386). Shouldn't libapache2-mod-php5 be deprecated in favor of PHP via FastCGI anyway? Would avoid this and other issues. mod_php won't go away quickly. But having an out-of-the box usable php+fastcgi configuration in squeeze+1 would be nice. Volunteers welcome ;-) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201101091731.19070...@sfritsch.de
Re: Security implication of using force-reload instead of restart ?
On Sun, Jan 9, 2011 at 5:31 PM, Stefan Fritsch s...@sfritsch.de wrote: Shouldn't libapache2-mod-php5 be deprecated in favor of PHP via FastCGI anyway? Would avoid this and other issues. mod_php won't go away quickly. Why not? But having an out-of-the box usable php+fastcgi configuration in squeeze+1 would be nice. Volunteers welcome ;-) Olaf -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikge+n2-9z3un-1zmfdejh1+zgsm-g8vkg=+...@mail.gmail.com