I would like to ask you who are familiar with security on unix-like systems how do you rate potential risk on for example config files (ASCII) that have executable flag configured on them.
Common sense would say obviously to go with the least privileges as possible but could you rate potential danger or point to exact example of abusing this in the real world?
As those files are mostly owned by root, in order to edit them you would need a root permission to change them and in that case you can even change the executable flag on it as well even for those with the flag unset.
Thanks in advance
Leave an answer