Determining applicability is hard
Posted Apr 29, 2008 23:36 UTC (Tue) by jreiser
Parent article: Ksplice: kernel patches without reboots
"A person is expected to conﬁrm that the target security patch does not make any semantic changes to data structures. Performing this check requires only seconds or a few minutes for most security patches." (Section 1)
Changing a CRC algorithm is a semantic change to any piece of data that is derived from any output of that CRC algorithm. Thus patching a CRC algorithm must not be allowed as long as there are any outputs "in view", whether static globals, static locals, the stack of any thread, or dynamically allocated data. Now go back and reread this paragraph, deleting all instances of "CRC". Therefore, almost anything that is to be patched must be memoryless, either forever, or at the moment. That's hard.
to post comments)