setgid16
Intro
setgid16 - change the effective group ID of the calling process and the saved set-group-ID
Description
The setgid16() system call is used to set the user's real group ID, effective group ID, and the saved set-group-ID of the calling process. This can be used to change the privileges of a process to that of a new group. The setgid16() call is one of the set-ID system calls, meaning that the real user ID and effective user ID of the calling process will also be set. This call is made obsolete by the setgid() call.
Arguments
- gid: old_gid_t [KU] - represents a group ID.
Available Tags
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it).
Hooks
sys_setgid16
Type
Kprobes
Purpose
To capture calls to the setgid16 system call.
Example Use Case
The setgid16 system call could be used to temporarily switch the effective group ID of a process from a privileged group to that of an unprivileged single-user group in order to perform a task that requires elevated privileges. After the task is complete, the process can be switched back to its original group ID.
Issues
The setgid16 system call is obsolete and should not be used in modern Linux systems. It should be replaced with setgid.
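An added example, not part of Tracee or of the original page: a Python triage pass over captured setgid16 events, ranking each call by its gid argument and return value. The JSON field names (eventName, processName, processId, returnValue, args) are assumed from Tracee's JSON output, the sample events are constructed, and the 0xFFFF case reflects the kernel widening (old_gid_t)-1 to (gid_t)-1 before handing the value to setgid.

```python
import json

# Constructed sample events (not real telemetry), one JSON object per line.
# Field names are assumed from Tracee's JSON output: eventName,
# processName, processId, returnValue, args[].name / args[].value.
SAMPLE_EVENTS = """\
{"eventName":"setgid16","processName":"legacy-daemon","processId":4101,"returnValue":0,"args":[{"name":"gid","type":"old_gid_t","value":0}]}
{"eventName":"setgid16","processName":"legacy-daemon","processId":4102,"returnValue":-1,"args":[{"name":"gid","type":"old_gid_t","value":0}]}
{"eventName":"setgid16","processName":"old-tool","processId":4200,"returnValue":0,"args":[{"name":"gid","type":"old_gid_t","value":1000}]}
{"eventName":"setgid16","processName":"old-tool","processId":4201,"returnValue":-22,"args":[{"name":"gid","type":"old_gid_t","value":65535}]}
{"eventName":"setgid","processName":"sshd","processId":900,"returnValue":0,"args":[{"name":"gid","type":"gid_t","value":0}]}
not-json
"""

# 65535 is (old_gid_t)-1; the kernel widens it to (gid_t)-1, which is not a valid group.
OLD_GID_INVALID = 0xFFFF


def triage_setgid16(lines):
    """Return (severity, pid, comm, gid) for every setgid16 event in `lines`."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the run
        if not isinstance(ev, dict) or ev.get("eventName") != "setgid16":
            continue  # other events (including plain setgid) are out of scope here
        gid = next((a.get("value") for a in ev.get("args", []) if a.get("name") == "gid"), None)
        if not isinstance(gid, int) or isinstance(gid, bool):
            continue  # event without a usable gid argument
        if gid == OLD_GID_INVALID:
            severity = "low"   # sentinel value, not a real group
        elif ev.get("returnValue") != 0:
            severity = "low"   # the kernel refused the change
        elif gid == 0:
            severity = "high"  # effective GID is now 0
        else:
            severity = "info"  # obsolete syscall in use; worth inventorying
        findings.append((severity, ev.get("processId"), ev.get("processName"), gid))
    return findings


if __name__ == "__main__":
    for finding in triage_setgid16(SAMPLE_EVENTS.splitlines()):
        print(*finding)
```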
Related Events
- setgid
- getgid
- setegid
- getegid
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.