Bug#753790: systemd: process 1 should load new versions of shared objects

Michael Biebl biebl at debian.org
Sat Jul 5 04:12:22 BST 2014


On 05.07.2014 04:57, Russell Coker wrote:
> On Sat, 5 Jul 2014 04:40:33 Michael Biebl wrote:
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753726
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753727
>>>
>>> The above bugs concern the ability of library packages to request that
>>> systemd use the new version on an upgrade.  I don't think it's reasonable
>>> for the library updates to never be applied because there's the risk of a
>>> security flaw being discovered in one of them that affects the operation
>>> of systemd.
>> While I agree with you in general, keep in mind that this is actually
>> also a general issue. PID 1 is in no way special in that regard and this
>> concerns every long running process / daemon.
> 
> Pid 1 is special in that it must always exist.

Well, true. My point, though, is that this affects every long-running
process. PID 1 is just one of them.

>> It's not like a security update of libselinux (or any other library for
>> that matter) restarts all daemons / binaries linking against said library.
> 
> I think it should.  We already have pam and libc6 restarting all daemons that 
> link against them.

Oh, that is actually not quite true.
If you take a look at libc6.postinst, you'll notice that it has a
hard-coded list of sysv init scripts and binaries and some fragile
attempts to do the mapping of binary names to sysv init scripts. It by
*no* means covers all daemons that link against libc6.

It also shows that this approach doesn't really work and is not
maintainable. E.g. the gdm sysv init script was renamed to gdm3 a while
back. The postinst in libc6 still checks for the old name. Same for
apache and so on. Such hard-coded lists are ugly and unmaintainable.


Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
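
An added example, not part of the original message and not code from libc6.postinst or systemd: instead of a hard-coded list of init scripts, the processes still running an old copy of a library can be found from /proc/<pid>/maps, where a mapping whose file was replaced on disk carries a "(deleted)" suffix. The function names and the sample maps text are constructed for this illustration.

```python
import os
import re

# One /proc/<pid>/maps line: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+"
    r"(?P<inode>\d+)\s*(?P<path>.*)$"
)
DELETED = " (deleted)"

def stale_libraries(maps_text):
    """Return shared objects mapped executable whose on-disk file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or m.group("inode") == "0":
            continue  # blank line, or anonymous mapping ([heap], [stack], ...)
        path = m.group("path")
        if "x" not in m.group("perms") or not path.endswith(DELETED):
            continue
        path = path[: -len(DELETED)]
        # Skip deleted non-library files such as /dev/zero or temp files.
        if ".so" in os.path.basename(path):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc="/proc"):
    """Map pid -> stale libraries for every readable process (needs root for all)."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as fh:
                libs = stale_libraries(fh.read())
        except OSError:
            continue  # process exited or permission denied
        if libs:
            result[int(entry)] = libs
    return result

# Constructed sample: a process that still maps the pre-upgrade libselinux.
SAMPLE_MAPS = """
55d0c8a00000-55d0c8b4e000 r-xp 00000000 08:01 1311 /lib/systemd/systemd
7f1e2c000000-7f1e2c021000 r-xp 00000000 08:01 2207 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f1e2c400000-7f1e2c5a0000 r-xp 00000000 08:01 2301 /lib/x86_64-linux-gnu/libc-2.19.so
7f1e2c800000-7f1e2c801000 rwxp 00000000 00:04 9912 /dev/zero (deleted)
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, " ".join(libs))
```

A hit for PID 1 corresponds to the case this bug is about: the process cannot be restarted like an ordinary daemon and has to re-execute itself to pick up the new library.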
