[CentOS] an actual hacked machine, in a preserved state

email builder emailbuilder88 at yahoo.com
Fri Jan 6 04:13:52 UTC 2012

> 1.) Attacker uses apache remote exploit (or other means) to obtain
> your /etc/shadow file (not a remote shell, just GET the file
> without that fact being logged);

I don't mean to thread-hijack, but I'm curious, if apache runs as its
own non-root user and /etc/shadow is root-owned and 0400, then
how could any exploit of software not running as root ever have
access to that file??
