-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Thursday 2008-01-17 at 15:28 +0100, Thomas Biege wrote:
> SUSE Security Announcement
>
> Package: Xorg and XFree
> Announcement ID: SUSE-SA:2008:003
> Date: Thu, 17 Jan 2008 15:00:00 +0000
> Affected Products: SUSE LINUX 10.1
> openSUSE 10.2
> openSUSE 10.3
> 3) Special Instructions and Notes
>
> Please restart your X server. (logout and login)
Please note that this is not enough.
If, for instance, you are using gdm, the gdm instance remains in memory
until the rcxdm is explicitly restarted.
If after the update and doing the specified logout and login you do an
'lsof', searching for inodes detects inodes still not really deleted,
like:
lsof | grep -E 'RPMDELETE|;|path inode='
and I find that a lot of services still active, ie, not "actually" updated:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
gdm 1108 root mem REG 22,70 1170944 /usr/lib/libXcursor.so.1.0.2 (path inode=1562119)
gdm 1108 root mem REG 22,70 1170964 /usr/lib/libXrandr.so.2.1.0 (path inode=1562139)
gdm 1108 root mem REG 22,70 1170958 /usr/lib/libXi.so.6.0.0 (path inode=1562133)
gdm 1108 root mem REG 22,70 1170946 /usr/lib/libXdamage.so.1.1.0 (path inode=1562121)
gdm 1108 root mem REG 22,70 1170942 /usr/lib/libXcomposite.so.1.0.0 (path inode=1562117)
gdm 1108 root mem REG 22,70 1170960 /usr/lib/libXinerama.so.1.0.0 (path inode=1562135)
gdm 1108 root DEL REG 22,70 1171004 /usr/lib/libxcb-render-util.so.0.0.0;479085e8
nmbd 4028 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
nmbd 4028 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
nmbd 4028 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
nmbd 4028 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
sshd 4847 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
sshd 4847 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
sshd 4847 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
sshd 4847 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gdm 5525 root mem REG 22,70 1170944 /usr/lib/libXcursor.so.1.0.2 (path inode=1562119)
gdm 5525 root mem REG 22,70 1170964 /usr/lib/libXrandr.so.2.1.0 (path inode=1562139)
gdm 5525 root mem REG 22,70 1170958 /usr/lib/libXi.so.6.0.0 (path inode=1562133)
gdm 5525 root mem REG 22,70 1170946 /usr/lib/libXdamage.so.1.1.0 (path inode=1562121)
gdm 5525 root mem REG 22,70 1170942 /usr/lib/libXcomposite.so.1.0.0 (path inode=1562117)
gdm 5525 root mem REG 22,70 1170960 /usr/lib/libXinerama.so.1.0.0 (path inode=1562135)
gdm 5525 root DEL REG 22,70 1171004 /usr/lib/libxcb-render-util.so.0.0.0;479085e8
smbd 10675 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
smbd 10675 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
smbd 10675 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
smbd 10675 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
smbd 10676 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
smbd 10676 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
smbd 10676 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
smbd 10676 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gnome-vfs 28342 cer mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
gnome-vfs 28342 cer mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
gnome-vfs 28342 cer mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gnome-vfs 28342 cer mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
Ie, to really activate the last security update, I needed to manually
restart: rcxdm, rcsshd, rcsmbd, and rcnmbd.
Also, gnome-vfs has to be killed, because it is a known bug that Gnome
does not close all the programs started on a session when it exits.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHkSWhtTMYHG2NR9URAib3AKCJ0Z/cpmpBoAY99JIQnK3KrITMuACcCQyJ
9QdTyNsXG5XXJ7G1oGl+NAM=
=oiha
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org