Skip to content

setgroups

Intro

setgroups - sets the list of supplementary groups of the calling process

Description

The setgroups() system call allows the calling process to set its supplementary group IDs directly, without manipulating the supplementary group IDs with the initgroups() system call. The setgroups() system call is limited to processes with the CAP_SETGID capability and with an effective user ID of 0.

This system call is the complementary system call to the getgroups() system call, which gets the supplementary group IDs of the calling process.

Arguments

  • size:int - The number of supplementary group IDs in the list.
  • list:gid_t*[K] - A pointer to the list of group IDs.

Available Tags

  • K - Originated from kernel-space.

Hooks

sys_setgroups

Type

kprobe+kretprobe

Purpose

Observe setgroups() calls and the return values.

Example Use Case

For example, an administrator could use the setgroups() system call to change the supplementary group IDs associated with a process in order to temporarily assign it additional privileges.

Issues

One possible issue with setgroups is that it may be vulnerable to time of check, time of use (TOCTOU) race conditions.

getgroups - gets the list of supplementary groups of the calling process

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.