getpgid
Intro
getpgid - Get the process group ID of a process
Description
The getpgid() system call retrieves the process group ID of the process that corresponds to the given PID. It is used to check whether the process still exists, as well as to obtain its process group ID. It can be used with any PID, including the caller's parent or the caller's own process ID, but there are some restrictions: the process has to be in the same session, and it must have the same UID or effective UID as the process making the syscall. Additionally, a process group can consist of multiple processes and one process can be part of multiple groups.
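The calls described above, as an added example that is not part of the Tracee documentation or source: it queries the caller's own process group, then a forked child that moves itself into a new group with setpgid(0, 0), and finally the same PID after the child has been reaped, where getpgid() fails with ESRCH. The helper names pgid_lookup and demo_child_group are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 and stores the group ID if getpgid() resolves pid,
 * 0 if the kernel reports ESRCH (no such process), -1 on any other error. */
int pgid_lookup(pid_t pid, pid_t *pgid_out) {
    pid_t pgid = getpgid(pid);
    if (pgid == (pid_t)-1) return errno == ESRCH ? 0 : -1;
    *pgid_out = pgid;
    return 1;
}

/* Forks a child that becomes leader of a new process group and signals the
 * parent over a pipe. Returns 1 if the parent sees getpgid(child) == child
 * while the child is alive, and ESRCH once the child has been reaped. */
int demo_child_group(void) {
    int fds[2]; char c; pid_t pgid = 0;
    if (pipe(fds) != 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        close(fds[0]);
        if (setpgid(0, 0) != 0 || write(fds[1], "x", 1) != 1) _exit(1);
        pause();                     /* stay alive until the parent kills us */
        _exit(0);
    }
    close(fds[1]);
    int ready = (read(fds[0], &c, 1) == 1);   /* wait for the setpgid() to finish */
    close(fds[0]);
    int own_group = ready && pgid_lookup(child, &pgid) == 1 && pgid == child;
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);         /* reap, so the PID no longer exists */
    int gone = (pgid_lookup(child, &pgid) == 0);
    return own_group && gone;
}

int main(void) {
    pid_t g = 0;
    if (pgid_lookup(getpid(), &g) == 1)
        printf("self pid=%d pgid=%d\n", (int)getpid(), (int)g);
    printf("child group demo: %d\n", demo_child_group());
    return 0;
}
```

Each getpgid() call in this program is one invocation that the sys_getpgid() kprobe would observe, with the queried PID as its only argument.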
Arguments
- pid: pid_t [N] - The process ID of the process for which the process group ID should be queried.
Available Tags
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it).
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks
sys_getpgid()
Type
kprobe
Purpose
To track the process group ID of a process.
Example Use Case
An example use case for getpgid() might be a process tracking application that wants to track the process group IDs of all running processes. To do this, it would hook the sys_getpgid() function using a kprobe and store the returned process group ID in its own database.
Issues
No major issues were found with this syscall.
Related Events
- setpgid() - Set the process group ID of a process
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.