setresgid

Intro

setresgid - Changes the calling process's real, effective, and saved set-group-ID privileges

Description

The setresgid() system call changes the real, effective, and saved set-group-ID of the calling process. It is the group-ID counterpart of setresuid(). The new IDs are passed in the rgid, egid, and sgid arguments, respectively. Only a privileged process (on Linux, one with the CAP_SETGID capability) can set the real, effective, or saved GID to an arbitrary value. An unprivileged process may set each of the three IDs only to a value it already holds, that is, to the current real GID, the current effective GID, or the current saved set-group-ID.

Note that setresgid() does not modify the supplementary group list; it remains unchanged in all cases. To change supplementary group membership, the setgroups() system call must be used.
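As an added example (not Tracee's code), the permission rule above modelled as a pure check, beside the privilege-drop order it implies: clear supplementary groups with setgroups(), set all three GIDs with setresgid(), then read them back with getresgid(). The has_cap_setgid flag is a hypothetical stand-in for the kernel's capability check, and the target GID 65534 is a constructed value.

```c
#define _GNU_SOURCE            /* exposes setresgid()/getresgid() in <unistd.h> */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Rule from the description: without CAP_SETGID each new GID must equal one of
 * the caller's current real/effective/saved GIDs or be (gid_t)-1 ("unchanged").
 * has_cap_setgid is a hypothetical flag standing in for the kernel's check. */
static int is_current_gid(gid_t want, gid_t r, gid_t e, gid_t s) {
    return want == (gid_t)-1 || want == r || want == e || want == s;
}

int setresgid_permitted(int has_cap_setgid,
                        gid_t cur_r, gid_t cur_e, gid_t cur_s,
                        gid_t new_r, gid_t new_e, gid_t new_s) {
    if (has_cap_setgid)
        return 1;                /* privileged: arbitrary values allowed */
    return is_current_gid(new_r, cur_r, cur_e, cur_s) &&
           is_current_gid(new_e, cur_r, cur_e, cur_s) &&
           is_current_gid(new_s, cur_r, cur_e, cur_s);
}

/* Re-setting the current values is always permitted: returns 0 for any caller. */
int reapply_current_gids(void) {
    gid_t r, e, s;
    if (getresgid(&r, &e, &s) != 0)
        return errno;
    return setresgid(r, e, s) == 0 ? 0 : errno;
}

/* Privilege drop: setresgid() leaves supplementary groups untouched, so clear
 * them first with setgroups(), then set all three GIDs and read them back.
 * Returns 0 on success, else errno (EPERM for a caller without CAP_SETGID). */
int drop_to_gid(gid_t target) {
    gid_t r, e, s;
    if (setgroups(0, NULL) != 0 || setresgid(target, target, target) != 0)
        return errno;
    if (getresgid(&r, &e, &s) != 0)
        return errno;
    return (r == target && e == target && s == target) ? 0 : EPERM;
}

int main(void) {
    int rc = drop_to_gid(65534);   /* constructed target GID (often nogroup) */
    printf("reapply_current_gids -> %d\n", reapply_current_gids());
    printf("drop_to_gid(65534) -> rc=%d (0 = ok)\n", rc);
    return 0;
}
```

Run unprivileged, drop_to_gid() fails with EPERM at the setgroups() step; with CAP_SETGID it succeeds and the read-back confirms all three GIDs changed together.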

Arguments

  • rgid:gid_t[K] - The rgid argument specifies the new real group ID for the calling process.
  • egid:gid_t[K] - The egid argument specifies the new effective group ID for the calling process.
  • sgid:gid_t[K] - The sgid argument specifies the new saved set-group-ID for the calling process.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, a pointer to user-space memory was used to get it).
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_setresgid

Type

Kprobe + Kretprobe

Purpose

The purpose of hooks for the setresgid call is to analyze process privilege escalation and the effectiveness of security mechanisms.

Example Use Case

A system task is designed to invoke the setresgid system call to raise the group privileges of a security process on the system. The hook can be used to monitor whether the call succeeds and which group IDs are passed as parameters.

Issues

To set the real, effective, or saved GID to an arbitrary value, the calling process must have the CAP_SETGID capability; otherwise setresgid() fails with EPERM and no IDs are changed.

Related Events

setresuid() - used to change the real, effective, and saved user IDs of the calling process.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.