The process of rooting

The process of rooting varies widely by device. It usually includes exploiting a security weakness in the firmware shipped from the factory. For example, shortly after the T-Mobile G1 was released it was quickly discovered that anything typed using the keyboard was being interpreted as a command in a privileged (root) shell. Although Google quickly released a patch to fix this, a signed image of the old firmware was leaked giving people the ability to downgrade and use the original exploit to gain root access. Once this exploit is found, a custom recovery image that does not check the digital signature of a firmware update package can be flashed. In turn, using the custom recovery, a modified firmware update can be installed that typically includes the utilities (for example the Superuser app) needed to run apps as root.
The Google-branded Android devices, the Nexus One, Nexus S and the Galaxy Nexus, can have their boot-loaders unlocked by simply running the command "fastboot oem unlock" from a computer connected to the device while it is in boot-loader mode.[5] After accepting a warning the boot-loader will be unlocked so that a new system image can be written directly to flash without the need for an exploit.

Recently, Motorola, LG Electronics and HTC Corporation have added security features to their devices at the hardware level in an attempt to prevent retail Android devices from being rooted. For instance, the Motorola Droid X has a security boot-loader that will put the phone in "recovery mode" if unsigned firmware is loaded onto the device.
source http://en.wikipedia.org/wiki/Rooting_%28Android_OS%29#Process