On Mon, February 9, 2015 10:55 am, Bowie Bailey wrote: > On 2/5/2015 8:20 PM, Always Learning wrote: >> On Fri, 2015-02-06 at 10:50 +1100, Kahlil Hodgson wrote: >> >>> On 6 February 2015 at 10:23, Always Learning <centos@xxxxxxxxxxx> >>> wrote: >>>> Logically ? >>>> >>>> 1. to change the permissions on shadow from -rw-x------ or from >>>> ---------- to -rw-r--r-- requires root permissions ? >>>> >>>> 2. if so, then what is the advantage of changing those permissions >>>> when >>>> the entity possessing root authority can already read shadow - that >>>> entity requires neither group nor user permissions to read shadow. >>> The concept in play here is privilege escalation. >>> >>> An exploit may not give you all that root can do, but may be limited >>> to, say, tricking the system to change file permission. >>> From there an attacker could use that and other exploits to escalate >>> privileges. >> How could file permission modification of /etc/shadow be used to >> "escalate privileges" ? > > If I can give myself read access to /etc/shadow, then I can grab a copy > and try to crack the passwords (including the root password). If I can > give myself r/w access, then I can directly change the password and give > myself instant access to everything. > I guess, this discussion (about security of your system and what affects it) should be ended by the reference to fundamental book on Unix system [administration]. One thing I learned: you can not become proficient in any subject just by reading sparse blogs about it. One thing you definitely need: very good understanding of underlying fundamentals. For this reason the most productive would be to think if you have very good general understanding of how Unix (or Unix-like) system works. The easiest is to start reading good book about it, and if you see you are making discoveries, then this is definitely what you are missing, and what you need to study before diving into discussion what is good for security and how it affects that. That would be what I would recommend to myself (which I did way back...). If I were choosing the book to get good start today, I would choose: UNIX and Linux System Administration Handbook (4th Edition) 2010 by Evi Nemeth and Garth Snyder - don't worry about "outdated...", remember, you first need fundamentals. It is not as "fundamental" as some of the books of the past I remember, but I'd rather mention it that those really old books. I'm sure, someone may suggest better book, maybe even free online book. Note, your advise of book giving fundamental knowledge of Unix or Linux system may be really valuable. Just my $0.02 Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos