Re: Debugger
  By: Pascal Schmidt to Jasen Betts on Mon May 24 2004 03:19 pm

 > Hi Jasen! :-)
 > 
 > Looking at gdb, it uses the 386 and above debug registers to implement data
 > breakpoints, so those are available outside the kernel and the kernel takes
 > care in preserving them when switching tasks (otherwise you could try to pry
 > another task's memory).

Hmmm, now that'd be an excellent security hole, if it didn't.... ;-)  Picture
a program setting a breakpoint and either monitoring the caching of the hard
drive till it picked up on the password file, or found where the kernel was
in memory, and just patched it to allow its self to gain access to the entire
system....  Granted, I know, with so many kernel versions, and each kernel
compiled using different options, patching the kernel in RAM to allow access
to the system would be rather impossible for a virus.... You'd have better
odds if you would be guessing which fish in a bunch of eggs would be male,
and which would be female before they hatched!
--- SBBSecho 2.00-Win32