[CentOS] Another Fedora decision
Always Learning
centos at u64.u22.net
Fri Feb 6 01:20:54 UTC 2015
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x------ or from
> > ---------- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advantage of changing those permissions when
> > the entity possessing root authority can already read shadow - that
> > entity requires neither group nor user permissions to read shadow.
>
> The concept in play here is privilege escalation.
>
> An exploit may not give you all that root can do, but may be limited
> to, say, tricking the system to change file permission.
> From there an attacker could use that and other exploits to escalate privileges.
How could file permission modification of /etc/shadow be used to
"escalate privileges" ?
Thanks.
--
Regards,
Paul.
England, EU. Je suis Charlie.
More information about the CentOS
mailing list