[Durham] finding daemons using old shared libraries

Richard Mortimer richm at oldelvet.org.uk
Mon Nov 1 12:28:36 UTC 2010

For the archives I'm replying to my own question from last year...

I just found the answer whilst listening to the This week in Debian podcast.

On 16/09/2009 11:16, Richard Mortimer wrote:
> All,
> Back in the deepest darkest depths of my mind I remember coming across a
> program that will find all of the daemons that are running outdated
> versions of shared libraries. This is useful to find out what needs
> restarting after an upgrade. Does anyone remember the name of said
> program/script? I'm fed up of checking by hand (see below).

The debian-goodies package has a "checkrestart" utility that checks for 
outdated uses of shared libraries and various things. It doesn't seem to 
get things perfectly right (it produced a false positive for Openoffice 
when I tested on my laptop) but on the server it looks to be a useful tool.

I only see mentions of Debian based distro packaging but I don't run any 
RPM base distros these days so that ain't really an issue for me.


For instance after recent security upgrades it said.

richard at brava:~$ sudo checkrestart
Found 9 processes using old versions of upgraded files
(9 distinct programs)
(9 distinct packages)

Of these, 8 seem to contain init scripts which can be used to restart them:
The following packages seem to have init scripts that could be used
to restart them:
	1353	/sbin/syslogd
	1380	/usr/sbin/named
	1394	/usr/sbin/sshd
	1794	/usr/sbin/ntpd
	1826	/usr/sbin/cron
	1804	/usr/sbin/atd
	1775	/usr/sbin/exim4
	1362	/sbin/klogd

These are the init scripts:
/etc/init.d/sysklogd restart
/etc/init.d/bind9 restart
/etc/init.d/ssh restart
/etc/init.d/ntp restart
/etc/init.d/cron restart
/etc/init.d/atd restart
/etc/init.d/exim4 restart
/etc/init.d/klogd restart

These processes do not seem to have an associated init script to restart 
	1857	/sbin/getty

> Thanks
> Richard
> Background:
> When you upgrade shared libraries long running programs (daemons
> typically - but it may be other things) keep running the old library
> until restarted. This generally doesn't cause operational problems,
> although it might do if the program tries to load new/related libraries
> after the upgrade, but it does mean that you are still running with the
> old code.
> It is relatively easy to find which programs are running old versions of
> libraries by looking in the /proc filesystem. For instance sshd on one
> of my boxes has the following in /proc/2834/maps. All of the files with
> (deleted) are because I just aplied an update to libc6 on this box. A
> new program will get the new version but the existing ones carry on
> using the old file. A restart of the daemon in question will fix things
> (but be careful that you don't restart something that depends on it).
> sudo cat /proc/2834/maps
> 7f3ab76af000-7f3ab76bb000 r-xp 00000000 fc:00 58535
> /lib/libnss_files-2.9.so (deleted)
> 7f3ab76bb000-7f3ab78ba000 ---p 0000c000 fc:00 58535
> /lib/libnss_files-2.9.so (deleted)
> 7f3ab78ba000-7f3ab78bb000 r--p 0000b000 fc:00 58535
> /lib/libnss_files-2.9.so (deleted)
> 7f3ab78bb000-7f3ab78bc000 rw-p 0000c000 fc:00 58535
> /lib/libnss_files-2.9.so (deleted)
> 7f3ab78bc000-7f3ab78c6000 r-xp 00000000 fc:00 58537
> /lib/libnss_nis-2.9.so (deleted)
> 7f3ab78c6000-7f3ab7ac5000 ---p 0000a000 fc:00 58537
> /lib/libnss_nis-2.9.so (deleted)
> 7f3ab7ac5000-7f3ab7ac6000 r--p 00009000 fc:00 58537
> /lib/libnss_nis-2.9.so (deleted)
> 7f3ab7ac6000-7f3ab7ac7000 rw-p 0000a000 fc:00 58537
> /lib/libnss_nis-2.9.so (deleted)
> 7f3ab7ac7000-7f3ab7acf000 r-xp 00000000 fc:00 58531
> /lib/libnss_compat-2.9.so (deleted)
> 7f3ab7acf000-7f3ab7cce000 ---p 00008000 fc:00 58531
> /lib/libnss_compat-2.9.so (deleted)
> 7f3ab7cce000-7f3ab7ccf000 r--p 00007000 fc:00 58531
> /lib/libnss_compat-2.9.so (deleted)
> 7f3ab7ccf000-7f3ab7cd0000 rw-p 00008000 fc:00 58531
> /lib/libnss_compat-2.9.so (deleted)
> 7f3ab7cd0000-7f3ab7ce7000 r-xp 00000000 fc:00 58540
> /lib/libpthread-2.9.so (deleted)
> 7f3ab7ce7000-7f3ab7ee6000 ---p 00017000 fc:00 58540
> /lib/libpthread-2.9.so (deleted)
> 7f3ab7ee6000-7f3ab7ee7000 r--p 00016000 fc:00 58540
> /lib/libpthread-2.9.so (deleted)
> 7f3ab7ee7000-7f3ab7ee8000 rw-p 00017000 fc:00 58540
> /lib/libpthread-2.9.so (deleted)
> 7f3ab7ee8000-7f3ab7eec000 rw-p 7f3ab7ee8000 00:00 0
> 7f3ab7eec000-7f3ab7eee000 r-xp 00000000 fc:00 57357 /lib/libkeyutils-1.2.so
> 7f3ab7eee000-7f3ab80ed000 ---p 00002000 fc:00 57357 /lib/libkeyutils-1.2.so
> ...

More information about the Durham mailing list