Skip to content

setfsuid

Intro

setfsuid - set the filesystem user ID.

Description

The setfsuid() system call permits a process to change its filesystem user ID, which is utilized primarily for determining file access permissions during the execution of a system call. The filesystem UID is typically equal to the effective UID of a process, but they can differ in certain contexts.

The primary intent of setfsuid() is to allow a process to temporarily alter its identity when accessing filesystem resources without changing the effective UID. It offers a more granular level of access control to the filesystem, especially useful for programs that manage files on behalf of other users.

Arguments

  • fsuid:uid_t[K] - The new filesystem user ID to be set.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space.
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument - might not always be available (passed with null value).

Hooks

sys_setfsuid

Type

Tracepoint (through sys_enter).

Purpose

To observe and trace occurrences of the setfsuid() system call, capturing details about the new filesystem user ID being set.

Example Use Case

Tracking changes in filesystem UIDs provides a way to monitor and audit file access behaviors, ensuring that processes aren't manipulating file permissions inappropriately or accessing files they shouldn't.

Issues

If not used with caution, setfsuid() can lead to incorrect file access permissions, possibly giving processes more permissions than intended or bypassing certain security mechanisms.

  • setfsgid() - Set the filesystem group ID.
  • setuid() - Set the effective user ID.
  • seteuid() - Set effective user ID.

This document was automatically generated by OpenAI and reviewed by a Human.