Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:

> On 6 February 2015 at 10:23, Always Learning <centos@xxxxxxxxxxx> wrote:
> > Logically ?
> >
> > 1. to change the permissions on shadow from -rw-x------ or from
> > ---------- to -rw-r--r-- requires root permissions ?
> >
> > 2. if so, then what is the advantage of changing those permissions when
> > the entity possessing root authority can already read shadow - that
> > entity requires neither group nor user permissions to read shadow.
> 
> The concept in play here is privilege escalation.
> 
> An exploit may not give you all that root can do, but may be limited
> to, say, tricking the system to change file permission.
> From there an attacker could use that and other exploits to escalate privileges.

How could file permission modification of /etc/shadow be used to
"escalate privileges" ?

Thanks.


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux