Date: Thu, 30 Nov 2017 10:23:55 +0000 From: Karl Pielorz <kpielorz_lst@tdx.co.uk> To: freebsd-questions@freebsd.org Subject: Security updates / 'procstat' to find daemons to restart - reliable? Message-ID: <45CAA442C95AA5B35EF0AF7C@[10.12.30.106]>
next in thread | raw e-mail | index | archive | help
Hi All, When applying patches I usually reboot machines. But the recent FreeBSD-SA-17:11.openssl update handily looks like just a 'restart of daemons using the library' will do it. So - on a 10.3-p24 system, if I run: procstat -va | grep libcrypto I get a list of process ID's that turn out to be things like sshd, unbound etc. As you'd expect. So then I do a 'freebsd-update fetch' and 'freebsd-update install'. Re-run 'procstat -va' - and now there is no mention of 'libcrypto'. If 'libcrypto' does not appear in 'procstat -va' output does that mean I'm good to go? (i.e. nothing has it open, so nothing needs restarting - and any future 'opens' on that library, will of course use the new one on-disk?) Did the action of 'freebsd-update install' cause some behind the scenes "Oh, this library has changed under me I'll unload" type thing (or break any open references to it?) If I restart, say 'sshd' - once again, 'procstat -va' now shows 'libcrypto.so.7' is in use by pid 53569 (sshd) This is a little confusing... -Karl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45CAA442C95AA5B35EF0AF7C>