On 2/5/2015 8:20 PM, Always Learning wrote:
On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote:
On 6 February 2015 at 10:23, Always Learning <centos@xxxxxxxxxxx> wrote:
Logically ?
1. to change the permissions on shadow from -rw-x------ or from
---------- to -rw-r--r-- requires root permissions ?
2. if so, then what is the advantage of changing those permissions when
the entity possessing root authority can already read shadow - that
entity requires neither group nor user permissions to read shadow.
The concept in play here is privilege escalation.
An exploit may not give you all that root can do, but may be limited
to, say, tricking the system to change file permission.
From there an attacker could use that and other exploits to escalate privileges.
How could file permission modification of /etc/shadow be used to
"escalate privileges" ?
If I can give myself read access to /etc/shadow, then I can grab a copy
and try to crack the passwords (including the root password). If I can
give myself r/w access, then I can directly change the password and give
myself instant access to everything.
--
Bowie
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos