setfsuid16¶
Intro¶
setfsuid16 - sets the effective user ID of the calling process
Description¶
The setfsuid16 syscall sets the effective user ID of the calling process to fsuid. This syscall will only be successful if the user process has the appropriate privileges to set their own effective user ID to the given value. This syscall can be used to change the effective user ID of the calling process, and it may also set the saved set-user-ID if the user has appropriate privileges. It is important to note that this does not change the real user ID or group ID, or the process credentials.
In order for a process to make use of this syscall, the user needs to have the capability CAP_SETUID set.
Arguments¶
fsuid:old_uid_t[K] - The effective user ID of the calling process will be set to this value.
Available Tags¶
- K - Originated from kernel-space.
Hooks¶
sys_setfsuid16¶
Type¶
KProbe
Purpose¶
To monitor processes changing their effective user ID.
Example Use Case¶
This syscall can be used to set the effective user ID of the calling process to a different value, which might be necessary in the case of switching users in a process.
Issues¶
This syscall can lead to a privilege escalation vulnerability if used incorrectly. Care should be taken to ensure that the user has the appropriate privileges to set their own effective user ID.
Related Events¶
setresuid16
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.