
setuid

Intro

Setuid - Allows a process to acquire the privileges of a different user.

Description

The setuid() call will set the effective user ID of the calling process to the specified uid. If the executable file contains setuid in its mode mask, the setuid() system call will set the effective user ID of the calling process to the user ID specified in the executable file. This call can be used to provide privileges to a process that it ordinarily would not have. However, it is important to understand the drawbacks and potential security risks associated with setuid calls, such as potential TOCTOU (time-of-check-time-of-use) vulnerabilities and privilege escalation.

Arguments

  • uid:uid_t - The uid to assign to the process.

Available Tags

  • U - Originated from user space
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_setuid

Type

Kprobes

Purpose

To monitor calls of the setuid() system call, for the purpose of debugging.

Example Use Case

For example, a system administrator might use the setuid() call to temporarily elevate privileges so that a privileged user can execute a particular command on a system.

Issues

Due to the TOCTOU vulnerability associated with the setuid() call, special attention should be paid to ensure that the value passed to setuid() is trustworthy.
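
The following is an added example, not code from Tracee or its documentation, showing one way to triage this event's uid argument once events are exported as JSON lines. The JSON field names (eventName, userId, processName, processId, returnValue, args) are assumptions about Tracee's JSON output, the sample events are constructed, and a missing or null uid is handled because the argument carries the OPT tag.

```python
import json

# Constructed sample events, one JSON object per line. Field names are
# assumed to match Tracee's JSON output; verify against your Tracee version.
SAMPLE_EVENTS = """\
{"eventName": "setuid", "processId": 4121, "userId": 1000, "processName": "sudo", "returnValue": 0, "args": [{"name": "uid", "type": "uid_t", "value": 0}]}
{"eventName": "setuid", "processId": 4188, "userId": 1000, "processName": "helper", "returnValue": -1, "args": [{"name": "uid", "type": "uid_t", "value": 0}]}
{"eventName": "setuid", "processId": 977, "userId": 0, "processName": "nginx", "returnValue": 0, "args": [{"name": "uid", "type": "uid_t", "value": 33}]}
{"eventName": "setuid", "processId": 5003, "userId": 1001, "processName": "tool", "returnValue": 0, "args": [{"name": "uid", "type": "uid_t", "value": null}]}
{"eventName": "openat", "processId": 5003, "userId": 1001, "processName": "tool", "returnValue": 3, "args": []}
"""


def requested_uid(event):
    """Return the uid argument, or None when it is absent or null (OPT tag)."""
    for arg in event.get("args") or []:
        if arg.get("name") == "uid":
            return arg.get("value")
    return None


def classify(event):
    """Label one event; None means it is not a setuid event."""
    if event.get("eventName") != "setuid":
        return None
    target = requested_uid(event)
    if target is None:
        return "uid-unavailable"      # cannot judge; keep for manual review
    caller, ok = event.get("userId"), event.get("returnValue") == 0
    if target == 0 and caller != 0:
        return "gained-root" if ok else "denied-root-attempt"
    if caller == 0 and target != 0 and ok:
        return "dropped-privileges"   # expected daemon behaviour
    return "other"


def triage(lines):
    """Yield (processName, processId, label) for every setuid event."""
    for line in filter(str.strip, lines.splitlines()):
        event = json.loads(line)
        label = classify(event)
        if label is not None:
            yield event.get("processName"), event.get("processId"), label


if __name__ == "__main__":
    for name, pid, label in triage(SAMPLE_EVENTS):
        print(f"{label:20} pid={pid} comm={name}")
```

A "gained-root" result from a known setuid-root binary such as sudo is expected; the same label from an unfamiliar process name is the case worth investigating.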

Related Events

  • setgid() - A system call used to set the group ID of a process.
  • seteuid() - A system call used to set the effective user ID of the current process to the supplied user ID.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.