getresgid16
Intro
getresgid16 - get the real, effective, and saved group IDs of the calling process
Description
The getresgid16() system call gets the real, effective, and saved group IDs of the calling process (in that order).
A process can use this call to verify that its real, effective, and saved group IDs are what it expects, which is useful when checking the result of a credential change such as privilege elevation.
Since the caller supplies no arguments, there are no edge cases or drawbacks; however, in kernel versions prior to 4.20 the allocated argument was present and had to be set to the size of the old_gid_t type, which might be confusing.
Arguments
- rgid: old_gid_t* [K] - Pointer to the real group ID of the caller.
- egid: old_gid_t* [K] - Pointer to the effective group ID of the caller.
- sgid: old_gid_t* [K] - Pointer to the saved group ID of the caller.
Available Tags
- K - Originated from kernel-space.
Hooks
do_getresgid16
Type
Kprobe
Purpose
To allow users to trace or monitor calls to the getresgid16() system call from user space.
Example Use Case
Monitoring the progress of setting the caller's real, effective, and saved group IDs.
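One way to do that monitoring over Tracee's JSON output, as an added example that is not part of Tracee or of this generated page: pair each getresgid16 event with the preceding setresgid16 (the related event) from the same PID, since getresgid16's own arguments are only kernel-side pointers ([K]) and carry no GID values. The field names (eventName, processId, timestamp, args[].name/value) and the sample lines are assumptions constructed for this example.

```python
import json

# Constructed Tracee-style JSON lines (one event per line). Field names are
# assumed to match Tracee's JSON output; values are made up for this example.
SAMPLE_LINES = [
    '{"timestamp":1000,"processId":4242,"processName":"svc","eventName":"setresgid16",'
    '"args":[{"name":"rgid","value":1000},{"name":"egid","value":1000},{"name":"sgid","value":0}]}',
    '{"timestamp":1050,"processId":4242,"processName":"svc","eventName":"getresgid16",'
    '"args":[{"name":"rgid","value":"0xffd3a1b0"},{"name":"egid","value":"0xffd3a1b2"},{"name":"sgid","value":"0xffd3a1b4"}]}',
    '{"timestamp":1200,"processId":5555,"processName":"other","eventName":"getresgid16",'
    '"args":[{"name":"rgid","value":"0xff80a000"},{"name":"egid","value":"0xff80a002"},{"name":"sgid","value":"0xff80a004"}]}',
]


def _args(ev):
    """Flatten Tracee's args list into a name -> value dict."""
    return {a["name"]: a["value"] for a in ev.get("args", [])}


def correlate(lines, window=500):
    """Pair each getresgid16 with the latest setresgid16 from the same PID
    seen within `window` time units. The getresgid16 args are pointers
    filled by the kernel, so the GID values come from the set call."""
    last_set = {}   # pid -> (timestamp, {"rgid":..,"egid":..,"sgid":..})
    findings = []
    for line in lines:
        ev = json.loads(line)
        pid, ts, name = ev["processId"], ev["timestamp"], ev["eventName"]
        if name == "setresgid16":
            last_set[pid] = (ts, _args(ev))
        elif name == "getresgid16":
            f = {"pid": pid, "comm": ev.get("processName"), "ts": ts, "paired": False}
            set_ts, gids = last_set.get(pid, (None, None))
            if gids is not None and ts - set_ts <= window:
                # A saved GID of 0 next to a non-zero real GID means the
                # process can still switch back to group 0 later.
                f.update(paired=True, gids=gids,
                         saved_root=(gids["sgid"] == 0 and gids["rgid"] != 0))
            findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LINES):
        print(finding)
```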
Issues
In some kernels, the allocated argument had to be set to the size of the old_gid_t type, but this was deprecated in kernel 4.20.
Related Events
- setresgid16 - set the real, effective, and saved group IDs of the calling process
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.