OSX setgid system call - which API is the correct

2019-07-18 11:55发布

问题:

I'd like to use the system call setgid, to change the group ID of the current process. Trying to lookup this function, the only implementation I've found is in kern_prot.c :

/*
 * setgid
 *
 * Description: Set group ID system call
 *
 * Parameters:  uap->gid            gid to set
 ...
 ..
 .
 */

 int
 setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
 {
 ...
 ..
 .
 }

Notice that according to /usr/unistd.h, the API is completely different (int setgid(gid_t);).

  1. does int setgid(gid_t); is a wrapper of int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
  2. Where can I find the implementation of int setgid(gid_t);?
  3. Is there any option to call the implementation of setgid from kern_prot.c ?

UPDATE:

After monitoring my program with dtruss to observe system calls, it seems that calling setgid(gid_t) trigger the system call with 3 parameters setgid(0x2, 0x7F9AA3803200, 0x1000) which matches the implementation in kern_prot.c. The question is, where can i find the wrapper source code, and what library does it belongs to (maybe glibc? )

thanks ,

回答1:

What are you looking for is not opensourced. But if you open /usr/lib/system/libsystem_kernel.dylib in the IDA:

From xnu sources:

#define SYS_setgid         181

Here 181 = 0xB5

If you check unix_syscall64 function inside bsd/dev/i386/systemcalls.c (from xnu kernel sources):

code = regs->rax & SYSCALL_NUMBER_MASK;

where SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF (code is 32bit value):

#define SYSCALL_CLASS_SHIFT 24
#define SYSCALL_CLASS_MASK  (0xFF << SYSCALL_CLASS_SHIFT)
#define SYSCALL_NUMBER_MASK (~SYSCALL_CLASS_MASK)

so 0x20000B5 & 0xFF000000 = 0xB5 (SYS_setgid)



标签: c macos bsd mach