[ale] openssl related software question
James P. Kinney III
jkinney at localnetsolutions.com
Tue Jul 30 22:37:02 EDT 2002
Hey Jenn (et al.),
Be aware that I just did an ldd on MY redhat 7.3 box that is current up
to yesterday. My libcrypto was packaged in openssl (rpm -q
--whatprovides libcrypto returned openssl-0.9.6b-18 (I smell an upgrade
here, too)).
I almost agree on the M$ism statement. However, changing libs is a
non-trivial process. A mismatched lib call can crash a box. A controlled
reboot is most often very safe. Slow, but safe.
I'm not a wiz on everything RedHat has linked/compiled/mangled on their
stuff. Most times I keep my basic systems as close to
RH-shipping-with-updates as possible. With a few exceptions their QC is
pretty good. Besides, I can slow my box down just by running Nautilus
(it is getting better). So if your openssh was a custom compile into
/usr/local, you might need to do some more digging and see what other
crypto RH installed for you. Prior to the 7.x series, crypto was not
generally installed off a RH installation CD.
On Tue, 2002-07-30 at 21:49, jenn at colormaria.com wrote:
> > Calm down! When RedHat said "restart the server", they meant the
> > SERVICE, not the box. So, yes after you install the opennssl upgrades,
> > you WILL have to restart apache and friends.
>
> *clearing throat* ahem: from
> http://online.securityfocus.com/archive/1/285019/2002-07-28/2002-08-03/0
> bugzilla post to bugtraq:
> "we advise users to reboot their systems after installing
> these updates."
>
> reboot the system and restart the server are two entirely separate creatures,
> my friend. ;) I understand why they would say it, I just found it somewhat
> alarming that they would so casually toss off a M$ism.
>
> >
> > ldd on openssh will not show a dependency on openssl since ssh doesn't
> > depend use ssl. But it uses the crypto libs packaged with openssl.
> >
>
> My glaring ignorance of libraries is showing like a beacon here...ldd sshd
> does show libcrypto.so, but it's the one that was installed when I installed
> redhat (/usr/lib/libcrypto.so and not /usr/local/ssl/lib/ ...default
> compile ofopenssl doesn't even *create* a shared object).
>
> Thanks for the response, I think I may be on the right track now but may be
> back with more stupid questions
>
> jenn
> not afraid to show my ignorance to the world, or at least the ALE list. :)
>
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
--
James P. Kinney III \Changing the mobile computing world/
President and CEO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This is a digitally signed message part
More information about the Ale
mailing list