If an attacker were controlling a process running with uid 0 and no
capabilities at all, and /bin/sh were 0555, nothing prevents the
attacker from chmod()ing /bin/sh to 0755 and overwriting it. This makes
any attempts to change the file permissions rather pointless.