Date: Thu, 30 Nov 2017 10:23:55 +0000
From: Karl Pielorz
To: freebsd-questions@freebsd.org
Subject: Security updates / 'procstat' to find daemons to restart - reliable?
Message-ID: <45CAA442C95AA5B35EF0AF7C@[10.12.30.106]>

Hi All,

When applying patches I usually reboot machines. But the recent FreeBSD-SA-17:11.openssl update handily looks like just a 'restart of daemons using the library' will do it.

So - on a 10.3-p24 system, if I run:

    procstat -va | grep libcrypto

I get a list of process IDs that turn out to be things like sshd, unbound etc. As you'd expect.

So then I do a 'freebsd-update fetch' and 'freebsd-update install'.

Re-run 'procstat -va' - and now there is no mention of 'libcrypto'.

If 'libcrypto' does not appear in 'procstat -va' output does that mean I'm good to go? (i.e. nothing has it open, so nothing needs restarting - and any future 'opens' on that library, will of course use the new one on-disk?)

Did the action of 'freebsd-update install' cause some behind the scenes "Oh, this library has changed under me I'll unload" type thing (or break any open references to it?)

If I restart, say 'sshd' - once again, 'procstat -va' now shows 'libcrypto.so.7' is in use by pid 53569 (sshd)

This is a little confusing...

-Karl
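
An added example, not part of the original post: one way to check for processes that still map the old library after an update, instead of grepping for its name. It assumes the `procstat -v` column layout PID START END PRT RES PRES REF SHD FLAG TP PATH, and that a mapping whose backing file has been replaced on disk is listed with type `vn` and an empty PATH; the function names, the sample output and PID 812 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reports PIDs that still hold an
# executable, file-backed mapping whose path no longer resolves, which is how
# a library replaced on disk is assumed to appear in `procstat -v` output.
# Assumed columns: PID START END PRT RES PRES REF SHD FLAG TP PATH

# stale_map_pids: read `procstat -v` output on stdin, print each PID once.
stale_map_pids() {
    awk '
        $1 == "PID" { next }    # skip header line(s)
        # NF == 10   : the PATH column is empty
        # $10 == "vn": vnode (file) backed, so not anonymous memory
        # $4 ~ /x/   : executable, i.e. program text or a shared library
        NF == 10 && $10 == "vn" && $4 ~ /x/ && !seen[$1]++ { print $1 }
    '
}

# Constructed sample: PID 812 (hypothetical daemon) was started before the
# update; PID 53569 is an sshd restarted afterwards, as in the post.
sample_procstat() {
    cat <<'EOF'
  PID              START                END PRT  RES PRES REF SHD FLAG TP PATH
  812           0x400000           0x4c1000 r-x  150  160   1   0 CN-- vn /usr/local/sbin/unbound
  812        0x801200000        0x8013d1000 r-x  380  400   9   0 CN-- vn
  812        0x8013d1000        0x8015d0000 ---    0    0   1   0 ---- --
  812        0x8015d0000        0x8015f8000 rw-   40    0   1   0 C--- vn
  812        0x802000000        0x802400000 rw-  200  200   1   0 ---- df
  PID              START                END PRT  RES PRES REF SHD FLAG TP PATH
53569           0x400000           0x4a0000 r-x  120  130   2   1 CN-- vn /usr/sbin/sshd
53569        0x801a00000        0x801bd1000 r-x  380  400   9   0 CN-- vn /lib/libcrypto.so.7
53569        0x802000000        0x802400000 rw-  200  200   1   0 ---- df
EOF
}

# On FreeBSD inspect the live system, elsewhere fall back to the sample.
if [ "$(uname -s)" = "FreeBSD" ]; then
    procstat -va 2>/dev/null | stale_map_pids
else
    sample_procstat | stale_map_pids    # prints 812
fi
```

The PIDs it reports are candidates for a restart; `ps -o pid,comm -p <pid>` maps each one back to a command name.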