




















The original version given was Apple's iOS lockdown, where no process can escalate to kernel privileges, with or without owner consent. That depends on Apple being the only entity with the keys to the kingdom, and being trusted to keep the device secure.
On Linux, however, locking down (as iOS has done) so that no root process can escalate to kernel privileges is not going to happen - a root process with owner consent must be able to escalate to kernel privileges, via either a LKM, or by changing the bootloader configuration to change the kernel to one they control, by design.
As a result, any security design that depends on "root processes cannot get kernel privileges" on Linux needs you to be aware of the exception "unless there is owner consent", as opposed to the iOS variant, where the exception is "unless Apple as kernel developer consents".
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。