[CentOS] Another Fedora decision

Mon Feb 9 16:55:50 UTC 2015
Bowie Bailey <Bowie_Bailey at BUC.com>

On 2/5/2015 8:20 PM, Always Learning wrote:
> On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
>
>> On 6 February 2015 at 10:23, Always Learning <centos at u64.u22.net> wrote:
>>> Logically ?
>>>
>>> 1. to change the permissions on shadow from -rw-x------ or from
>>> ---------- to -rw-r--r-- requires root permissions ?
>>>
>>> 2. if so, then what is the advantage of changing those permissions when
>>> the entity possessing root authority can already read shadow - that
>>> entity requires neither group nor user permissions to read shadow.
>> The concept in play here is privilege escalation.
>>
>> An exploit may not give you all that root can do, but may be limited
>> to, say, tricking the system to change file permission.
>> From there an attacker could use that and other exploits to escalate privileges.
> How could file permission modification of /etc/shadow be used to
> "escalate privileges" ?

If I can give myself read access to /etc/shadow, then I can grab a copy 
and try to crack the passwords (including the root password). If I can 
give myself r/w access, then I can directly change the password and give 
myself instant access to everything.

-- 
Bowie
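
A defensive check for the condition discussed in this thread, added here as an example and not part of the original message: it reports which accounts other than root can read or modify a shadow-style file, and what that access allows. The names `audit_shadow`, `expected_uid` and `allowed_gids` are assumptions of this example.

```python
import os
import stat

# Consequence of each kind of access, as described in the reply above.
RISK = {
    "read": "hashes can be copied and cracked offline",
    "write": "passwords can be changed directly",
}

def audit_shadow(path="/etc/shadow", expected_uid=0, allowed_gids=(0,)):
    """Return (who, access, risk) findings for a shadow-style file.

    expected_uid and allowed_gids are assumptions of this example: root
    ownership, and groups whose members are trusted to read the hashes.
    An empty list means no unprivileged account can read or modify it.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []

    # A non-root owner can chmod the file back to anything it likes.
    if st.st_uid != expected_uid:
        findings.append(("owner uid %d" % st.st_uid, "write", RISK["write"]))

    # Group read is acceptable only for a trusted group; group write never is.
    if mode & stat.S_IRGRP and st.st_gid not in allowed_gids:
        findings.append(("group gid %d" % st.st_gid, "read", RISK["read"]))
    if mode & stat.S_IWGRP:
        findings.append(("group gid %d" % st.st_gid, "write", RISK["write"]))

    # World bits expose the file to every local account.
    if mode & stat.S_IROTH:
        findings.append(("other", "read", RISK["read"]))
    if mode & stat.S_IWOTH:
        findings.append(("other", "write", RISK["write"]))
    return findings

if __name__ == "__main__":
    for who, access, risk in audit_shadow():
        print("/etc/shadow: %s has %s access: %s" % (who, access, risk))
```
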