Re: Announcement: Solaris loadable kernel module backdoor

[mouse () RODENTS MONTREAL QC CA (der Mouse)]

> [...] the numerous other ways root can subvert the running kernel ---
> or, equivalently, all running processes (e.g. with ptrace).

Subverting the kernel is not equivalent to subverting any/all running
processes; the former is significantly stronger than the latter.  As a
simple example, if you have hardware on your system that the kernel
ignores[%], subverting all running processes still won't allow you to
access it, but subverting the kernel potentially will.

[%] For whatever reason - perhaps because it doesn't understand it, or
perhaps because support is configured out.

In some cases, of course, subverting certain processes may allow you to
subvert the kernel, if the kernel trusts one of those processes
sufficiently highly (eg, allows it to load arbitrary LKMs).  That
doesn't make them equivalent, except perhaps in the case of that setup.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B