That is a really great explanation and I love the analogy.It has todo with the nature of a bug.
A boot process consists of multiple layers. See each layer as an entity in a company:
- The boss (bootloader)
- Manager (kernel)
- Employee (userspace)
And we need to bribe a person in order to hack the system.
Depending on the system the managers/employees will be as new each reboot and each update. The boss handles the reboot process and does not get wiped each boot. We need a bootloader bug to enable a rebootable exploit. But as you might guess, a the boss is really hard to bribe.
Most exploits go from down to upper management: userspace -> kernel -> HAXX. But in rare cases we find a bootloader / bigger exploit. These are EXTREMELY rare these days. Like once every 10 years kind of rare, or a LOT of money kind of rare. People who find these will not hand these out for free anymore as they can be worth $$$$.
There are a lot of systems/variations so this example might not fly well for all. Moral of the story: we need unpatchable bugs.
Thank you for the streamlined explanation instead of being a jerk Makes a ton of sense nowIt has todo with the nature of a bug.
A boot process consists of multiple layers. See each layer as an entity in a company:
- The boss (bootloader)
- Manager (kernel)
- Employee (userspace)
And we need to bribe a person in order to hack the system.
Depending on the system the managers/employees will be as new each reboot and each update. The boss handles the reboot process and does not get wiped each boot. We need a bootloader bug to enable a rebootable exploit. But as you might guess, a the boss is really hard to bribe.
Most exploits go from down to upper management: userspace -> kernel -> HAXX. But in rare cases we find a bootloader / bigger exploit. These are EXTREMELY rare these days. Like once every 10 years kind of rare, or a LOT of money kind of rare. People who find these will not hand these out for free anymore as they can be worth $$$$.
There are a lot of systems/variations so this example might not fly well for all. Moral of the story: we need unpatchable bugs.