Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Nov 2017 10:23:55 +0000
From:      Karl Pielorz <kpielorz_lst@tdx.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Security updates / 'procstat' to find daemons to restart - reliable?
Message-ID:  <45CAA442C95AA5B35EF0AF7C@[10.12.30.106]>

Next in thread | Raw E-Mail | Index | Archive | Help

Hi All,

When applying patches I usually reboot machines. But the recent 
FreeBSD-SA-17:11.openssl update handily looks like just a 'restart of 
daemons using the library' will do it.

So - on a 10.3-p24 system, if I run:

  procstat -va | grep libcrypto

I get a list of process ID's that turn out to be things like sshd, unbound 
etc. As you'd expect.


So then I do a 'freebsd-update fetch' and 'freebsd-update install'.

Re-run 'procstat -va' - and now there is no mention of 'libcrypto'.

If 'libcrypto' does not appear in 'procstat -va' output does that mean I'm 
good to go? (i.e. nothing has it open, so nothing needs restarting - and 
any future 'opens' on that library, will of course use the new one on-disk?)

Did the action of 'freebsd-update install' cause some behind the scenes 
"Oh, this library has changed under me I'll unload" type thing (or break 
any open references to it?)

If I restart, say 'sshd' - once again, 'procstat -va' now shows 
'libcrypto.so.7' is in use by pid 53569 (sshd)

This is a little confusing...

-Karl



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?45CAA442C95AA5B35EF0AF7C>