setfsgid¶
Intro¶
setfsgid - set the filesystem group ID.
Description¶
The setfsgid()
system call allows a process to alter its filesystem group ID.
This ID is utilized primarily for determining file access permissions during a system call. While the filesystem GID is usually identical to the effective GID of a process, they can differ under specific circumstances.
setfsgid()
provides a mechanism for a process to adjust its identity
temporarily when accessing filesystem resources without altering its effective
GID. This capability facilitates a more detailed level of access control for the
filesystem, particularly beneficial for applications that handle files on behalf
of multiple users.
Arguments¶
fsgid
:gid_t
[K] - The new filesystem group ID to be set.
Available Tags¶
- K - Originated from kernel-space.
- U - Originated from user space.
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
- OPT - Optional argument - might not always be available (passed with null value).
Hooks¶
sys_setfsgid¶
Type¶
Tracepoint (through sys_enter
).
Purpose¶
To monitor and record instances when the setfsgid()
system call is executed,
capturing specifics about the new filesystem group ID being assigned.
Example Use Case¶
Observing alterations in filesystem GIDs is essential for overseeing file access patterns, ensuring that processes aren't modifying file permissions in unexpected ways or accessing files beyond their designated privileges.
Issues¶
Misuse of the setfsgid()
system call or vulnerabilities in software utilizing
it can lead to potential security issues, resulting in unauthorized group access
or inadvertent permission changes.
Related Events¶
setfsuid()
- Set the filesystem user ID.setgid()
- Set the effective group ID.setegid()
- Set effective group ID.
This document was automatically generated by OpenAI and reviewed by a Human.