<div class="gmail_quote">2010/12/21 Miloslav Trmač:<span dir="ltr"></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">If an attacker were controlling a process running with uid 0 and no<br>
capabilities at all, and /bin/sh were 0555, nothing prevents the<br>
attacker from chmod()ing /bin/sh to 0755 and overwriting it. This makes<br>
any attempts to change the file permissions rather pointless.<br></blockquote><div><br>You don't even need to change permissions for root to be able to delete or change the contents of the directory.<br><br>Dick<br>
</div></div>
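An added example, not part of either message: it exercises the two ownership-based checks the thread describes, run as the owner of the files rather than as root. The scratch directory under `/tmp` and the file name `sh` are constructed stand-ins for `/bin` and `/bin/sh`, and all function names are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path with the given contents, then set its exact mode. 0 on success. */
static int make_file(const char *path, const char *data, mode_t mode) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, strlen(data)) == (ssize_t)strlen(data)
             && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Quoted message: the owner may chmod() a 0555 file to 0755. Returns new mode or -1. */
int owner_chmod(const char *path) {
    struct stat st;
    if (chmod(path, 0755) != 0 || stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 07777);
}

/* Reply: with write permission on the directory, the 0555 file is replaced by
 * rename() without any mode change. Returns 1 if the inode changed, -1 on error. */
int replace_via_directory(const char *dir, const char *name) {
    char path[512], tmp[512];
    struct stat before, after;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    snprintf(tmp, sizeof tmp, "%s/.%s.new", dir, name);
    if (stat(path, &before) != 0) return -1;
    if (make_file(tmp, "replaced\n", 0555) != 0) return -1;
    if (rename(tmp, path) != 0 || stat(path, &after) != 0) return -1;
    return before.st_ino != after.st_ino && (after.st_mode & 07777) == 0555;
}

/* Build the constructed scratch directory and run both cases. 0 on success. */
int demo(int *chmod_mode, int *replaced) {
    char dir[] = "/tmp/dacdemo.XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/sh", dir);
    if (make_file(path, "original\n", 0555) != 0) return -1;
    *replaced = replace_via_directory(dir, "sh");
    *chmod_mode = owner_chmod(path);
    unlink(path); rmdir(dir); return 0;
}

int main(void) { int m, r; if (demo(&m, &r)) return 1; printf("replaced=%d mode=%o\n", r, m); return 0; }
```

Both operations succeed for any unprivileged owner, which is why making the file 0555 does not protect it from a process that owns the file or its directory.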