Re: Announcement: Solaris loadable kernel module backdoor

From: der Mouse (mouseat_private)
Date: Thu Jan 06 2000 - 08:20:46 PST

    > [...] the numerous other ways root can subvert the running kernel ---
    > or, equivalently, all running processes (e.g. with ptrace).
    
    Subverting the kernel is not equivalent to subverting any/all running
    processes; the former is significantly stronger than the latter.  As a
    simple example, if you have hardware on your system that the kernel
    ignores[%], subverting all running processes still won't allow you to
    access it, but subverting the kernel potentially will.
    
    [%] For whatever reason - perhaps because it doesn't understand it, or
    perhaps because support is configured out.
    
    In some cases, of course, subverting certain processes may allow you to
    subvert the kernel, if the kernel trusts one of those processes
    sufficiently highly (eg, allows it to load arbitrary LKMs).  That
    doesn't make them equivalent, except perhaps in the case of that setup.
    
    					der Mouse
    
    			       mouseat_private
    		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
    


