OSX setgid系统调用-哪个API是正确的

本文介绍了OSX setgid系统调用-哪个API是正确的的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我想使用系统调用setgid来更改当前进程的组ID.尝试查找此功能时，我发现的唯一实现是在kern_prot.c中:

I'd like to use the system call setgid, to change the group ID of the current process. Trying to lookup this function, the only implementation I've found is in kern_prot.c :

/*
 * setgid
 *
 * Description: Set group ID system call
 *
 * Parameters:  uap->gid            gid to set
 ...
 ..
 .
 */

 int
 setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
 {
 ...
 ..
 .
 }

请注意，根据/usr/unistd.h，API完全不同(int setgid(gid_t);).

Notice that according to /usr/unistd.h, the API is completely different (int setgid(gid_t);).

int setgid(gid_t);是int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)的包装器
在哪里可以找到int setgid(gid_t);的实现?
是否可以从kern_prot.c中调用setgid的实现?

does int setgid(gid_t); is a wrapper of int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)
Where can I find the implementation of int setgid(gid_t);?
Is there any option to call the implementation of setgid from kern_prot.c ?

更新:

使用dtruss监视程序以观察系统调用后，似乎调用setgid(gid_t)会触发3个参数的系统调用setgid(0x2, 0x7F9AA3803200, 0x1000)与kern_prot.c中的实现匹配.问题是，我在哪里可以找到包装器源代码，它属于哪个库(也许是glibc?)

After monitoring my program with dtruss to observe system calls, it seems that calling setgid(gid_t) trigger the system call with 3 parameters setgid(0x2, 0x7F9AA3803200, 0x1000) which matches the implementation in kern_prot.c. The question is, where can i find the wrapper source code, and what library does it belongs to (maybe glibc? )

谢谢，

推荐答案

您要查找的内容不是开源的.但是，如果您在IDA中打开/usr/lib/system/libsystem_kernel.dylib:

What are you looking for is not opensourced. But if you open /usr/lib/system/libsystem_kernel.dylib in the IDA:

从xnu来源:

#define SYS_setgid         181

此处181 = 0xB5

Here 181 = 0xB5

如果您检查bsd/dev/i386/systemcalls.c中的unix_syscall64函数(来自xnu内核源代码):

If you check unix_syscall64 function inside bsd/dev/i386/systemcalls.c (from xnu kernel sources):

code = regs->rax & SYSCALL_NUMBER_MASK;

其中SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF(代码是32位值):

where SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF (code is 32bit value):

#define SYSCALL_CLASS_SHIFT 24
#define SYSCALL_CLASS_MASK  (0xFF << SYSCALL_CLASS_SHIFT)
#define SYSCALL_NUMBER_MASK (~SYSCALL_CLASS_MASK)

如此0x20000B5 & 0xFF000000 = 0xB5(SYS_setgid)

so 0x20000B5 & 0xFF000000 = 0xB5 (SYS_setgid)

这篇关于OSX setgid系统调用-哪个API是正确的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！