Getresuid¶
Intro¶
getresuid - Get the real, effective and saved user identity
Description¶
The getresuid() system call gets the real, effective and saved user identity of the calling process, storing the results in the buffer pointed to by ruid, euid and suid, respectively.
The real user ID is the user ID of the owner of the process. The effective user ID is the user ID used when checking user permissions. The saved user ID is the user ID used when the process calls execve().
Arguments¶
ruid
:uid_t*
[K,U] - Pointer to a uid_t buffer where the real user ID will be stored.euid
:uid_t*
[K,U] - Pointer to a uid_t buffer where the effective user ID will be stored.suid
:uid_t*
[K,U] - Pointer to a uid_t buffer where the saved user ID will be stored.
Available Tags¶
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks¶
do_getrusage¶
Type¶
Kprobe
Purpose¶
To monitor when a process requests its own resource usage.
sys_getresuid¶
Type¶
Kretprobe
Purpose¶
To retrieve the real, effective and saved user ID of the calling process.
Example Use Case¶
The getresuid() system call can be used to check if a process has the same real and effective user ID.
Issues¶
There are no known issues with this system call.
Related Events¶
- getresgid() - Get the real, effective and saved group identity of the calling process.
- getuid() - Get the real user ID of the calling process.
- geteuid() - Get the effective user ID of the calling process.
- getegid() - Get the effective group ID of the calling process.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.