[CentOS] Another Fedora decision

Fri Feb 6 08:03:31 UTC 2015
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

On 02/06/2015 12:50 AM, Kahlil Hodgson wrote:
> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
>> Logically ?
>>
>> 1. to change the permissions on shadow from -rw-x------ or from
>> ---------- to -rw-r--r-- requires root permissions ?
>>
>> 2. if so, then what is the advantage of changing those permissions when
>> the entity possessing root authority can already read shadow - that
>> entity requires neither group nor user permissions to read shadow.
>
> The concept in play here is privilege escalation.
>
> An exploit may not give you all that root can do, but may be limited
> to, say, tricking the system to change file permission.
>  From there an attacker could use that and other exploits to escalate privileges.

come on guys, If a cracker changed the perms to 644 he's probably 
sensible enough to change it back to 000 after grabbing a copy...
this is most likely a BCAK error, let it rest please.