OSX setgid system call - which API is the correct

2019-07-18 11:51发布

I'd like to use the system call setgid, to change the group ID of the current process. Trying to lookup this function, the only implementation I've found is in kern_prot.c :

/*
 * setgid
 *
 * Description: Set group ID system call
 *
 * Parameters:  uap->gid            gid to set
 ...
 ..
 .
 */

 int
 setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
 {
 ...
 ..
 .
 }

Notice that according to /usr/unistd.h, the API is completely different (int setgid(gid_t);).

does int setgid(gid_t); is a wrapper of int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
Where can I find the implementation of int setgid(gid_t);?
Is there any option to call the implementation of setgid from kern_prot.c ?

UPDATE:

After monitoring my program with dtruss to observe system calls, it seems that calling setgid(gid_t) trigger the system call with 3 parameters setgid(0x2, 0x7F9AA3803200, 0x1000) which matches the implementation in kern_prot.c. The question is, where can i find the wrapper source code, and what library does it belongs to (maybe glibc? )

thanks ,

标签： c macos bsd mach

1条回答

走好不送

2楼-- · 2019-07-18 12:13

What are you looking for is not opensourced. But if you open /usr/lib/system/libsystem_kernel.dylib in the IDA:

From xnu sources:

#define SYS_setgid         181

Here 181 = 0xB5

If you check unix_syscall64 function inside bsd/dev/i386/systemcalls.c (from xnu kernel sources):

code = regs->rax & SYSCALL_NUMBER_MASK;

where SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF (code is 32bit value):

#define SYSCALL_CLASS_SHIFT 24
#define SYSCALL_CLASS_MASK  (0xFF << SYSCALL_CLASS_SHIFT)
#define SYSCALL_NUMBER_MASK (~SYSCALL_CLASS_MASK)

so 0x20000B5 & 0xFF000000 = 0xB5 (SYS_setgid)

0人赞添加讨论(0) 举报

OSX setgid system call - which API is the correct

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间