
setgid

Intro

setgid - set the effective group ID of the calling process.

Description

The setgid() system call enables a process to change its effective group ID.

This is an essential mechanism in Unix-like operating systems, allowing processes to acquire or drop group-based permissions. Just as with setuid(), a program whose file has the set-group-ID-on-exec bit (the setgid bit) runs with the file's group ID as its effective group ID.

setgid() is often used in conjunction with setuid() in programs that need to temporarily escalate or change privileges to perform specific tasks. By using setgid(), programs can ensure they operate with the least amount of group-based privilege necessary, enhancing system security.

Arguments

  • gid:gid_t[K] - The group ID which will be set as the effective group ID of the calling process.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space.
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument - might not always be available (passed with null value).

Hooks

sys_setgid

Type

Tracepoint (through sys_enter).

Purpose

To observe and trace when the setgid() system call is performed, capturing details about the group ID being set.

Example Use Case

Monitoring changes in group privileges in a system, particularly in scenarios where group-based access control is crucial for security or resource sharing.

Issues

Similar to setuid(), if setgid() is misused or if programs leveraging it contain vulnerabilities, it can pave the way for privilege escalation attacks. Care must be taken to ensure that programs drop group-based privileges appropriately and securely.
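
The drop described above, as an added C example that is not part of this documentation or of the project it describes. The helper names `drop_gid_permanently` and `gids_all_equal` are hypothetical; the example assumes Linux with glibc.

```c
/* Added example: group-privilege drop built on setgid(), verified with getresgid(). */
#define _GNU_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototype in case <unistd.h> was already included without _GNU_SOURCE. */
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);

/* Return 1 if the real, effective and saved GID all equal `gid`, else 0. */
int gids_all_equal(gid_t gid)
{
    gid_t r, e, s;
    if (getresgid(&r, &e, &s) != 0)
        return 0;
    return r == gid && e == gid && s == gid;
}

/*
 * Hypothetical helper: drop to `target` for good; 0 on success, -1 on failure.
 * Call it before any setuid() drop, because CAP_SETGID normally goes away with root.
 */
int drop_gid_permanently(gid_t target)
{
    /* A privileged caller still carries its supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &target) != 0)
        return -1;

    if (setgid(target) != 0)        /* never ignore the return value */
        return -1;

    /* Without CAP_SETGID, setgid() changes only the effective GID, so the
     * saved set-group-ID may still hold the old group and can be restored. */
    return gids_all_equal(target) ? 0 : -1;
}

int main(void)
{
    gid_t rgid = getgid();
    int rc = drop_gid_permanently(rgid);
    printf("drop to gid %u: %s\n", (unsigned)rgid, rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

A return value of -1 from a set-group-ID binary run by an unprivileged user means the saved group ID survived the setgid() call; such a program needs setregid() or setresgid() to make the drop permanent.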

Related Events

  • setuid() - Set the effective user ID of the calling process.
  • setegid() - Set the effective group ID, but retain the original real group ID.
  • setregid() - Set real and/or effective group ID.

This document was automatically generated by OpenAI and reviewed by a Human.