... in this case it _does_, albeit in a roundabout way via Time Machine local snapshots. In short, the attacker can bypass Unix file permissions by mounting a local backup with owners disabled.