On 2/5/2015 8:20 PM, Always Learning wrote:
> On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
>
>> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
>>> Logically ?
>>>
>>> 1. to change the permissions on shadow from -rw-x------ or from
>>> ---------- to -rw-r--r-- requires root permissions ?
>>>
>>> 2. if so, then what is the advantage of changing those permissions when
>>> the entity possessing root authority can already read shadow - that
>>> entity requires neither group nor user permissions to read shadow.
>> The concept in play here is privilege escalation.
>>
>> An exploit may not give you all that root can do, but may be limited
>> to, say, tricking the system to change file permission.
>> From there an attacker could use that and other exploits to escalate privileges.
> How could file permission modification of /etc/shadow be used to
> "escalate privileges" ?

If I can give myself read access to /etc/shadow, then I can grab a copy
and try to crack the passwords (including the root password). If I can
give myself r/w access, then I can directly change the password and give
myself instant access to everything.

--
Bowie
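An added example, not part of the original thread: a permission audit that flags the two conditions described in the reply above, a shadow file readable by non-owners (hashes can be copied) or writable by non-owners (hashes can be replaced). The function name, the finding codes and the allow_group_read option are this example's own; demo() runs the check against a constructed temporary file, not the real /etc/shadow.

```python
import os
import stat
import tempfile

# Finding codes returned by audit_shadow_mode (names are this example's own).
WRONG_OWNER = "wrong-owner"
READABLE = "readable-by-non-owner"    # hashes can be copied for offline cracking
WRITABLE = "writable-by-non-owner"    # hashes can be replaced directly


def audit_shadow_mode(path="/etc/shadow", owner_uid=0, allow_group_read=False):
    """Return the set of findings for a shadow-style file (empty set = OK).

    allow_group_read covers systems that grant read to a dedicated group.
    """
    st = os.stat(path)                 # stat needs no read permission on the file
    mode = stat.S_IMODE(st.st_mode)
    findings = set()
    if st.st_uid != owner_uid:
        findings.add(WRONG_OWNER)
    read_bits = stat.S_IROTH | (0 if allow_group_read else stat.S_IRGRP)
    if mode & read_bits:
        findings.add(READABLE)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.add(WRITABLE)
    return findings


def demo():
    """Audit a constructed temp file under several modes, including
    ---------- (0000) and -rw-r--r-- (0644) from the thread."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    results = {}
    try:
        for mode in (0o000, 0o600, 0o640, 0o644, 0o666):
            os.chmod(path, mode)
            results[mode] = audit_shadow_mode(path, owner_uid=os.getuid())
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(f"{mode:04o}: {sorted(findings) or 'ok'}")
```

Run on a schedule or from a file-integrity job, a non-empty result for /etc/shadow is worth alerting on, since the mode change itself may be the first visible step of an escalation.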