setfsuid¶

Intro¶

setfsuid - change the effective user id of the current process

Description¶

setfsuid() changes the effective user ID of the calling process. If the effective ID of the caller is root, the real UID and saved set-user-ID are also set.

In case the fsuid is set to a value not equal to the current real and effective UIDs, the permission check for system calls and certain library functions is done against the effective user ID. This can be used to implement (amongst other things) effective privilege separation in set-user-ID programs without requiring the set-user-ID bit to be set on the executable file.

Arguments¶

fsuid:uid_t - The effective user id(UID) to set.

Available Tags¶

N/A

Hooks¶

sys_setfsuid¶

Type¶

Kprobe

Purpose¶

To trace user calls to setfsuid() system call.

Example Use Case¶

The setfsuid system call can be used in a set-user-ID program for privilege separation. By calling setfsuid() and setting it to a specific user, it can restrict the privileges available to the program and prevent unwanted privilege escalation.

Issues¶

If a process' effective user id (UID) is not equal to that of the calling process, then the permission check for system calls and certain library functions will be done against the setfsuid value, which could create a security vulnerability.

setfsuid32, setresuid, setresuid32

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.