[CentOS] Another Fedora decision

Always Learning centos at u64.u22.net
Fri Feb 6 01:20:54 UTC 2015


On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:

> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x------ or from
> > ---------- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advantage of changing those permissions when
> > the entity possessing root authority can already read shadow - that
> > entity requires neither group nor user permissions to read shadow.
> 
> The concept in play here is privilege escalation.
> 
> An exploit may not give you all that root can do, but may be limited
> to, say, tricking the system to change file permission.
> From there an attacker could use that and other exploits to escalate privileges.

How could file permission modification of /etc/shadow be used to
"escalate privileges" ?

Thanks.


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.





More information about the CentOS mailing list