quick q: does the `setuid_bin` table also show set...
# generalp
pirxthepilot
05/17/2018, 6:28 PMquick q: does the
setuid_binw
Woogs
05/17/2018, 10:38 PMhttps://github.com/facebook/osquery/blob/master/osquery/tables/system/posix/suid_bin.cpp
Based on my novice reading of the code, seems like it's looking at setgid binaries.
Copy code
r["permissions"] = "";
if ((perms & 04000) == 04000) {
r["permissions"] += "S";
}
if ((perms & 02000) == 02000) {
r["permissions"] += "G";
}Woogs
05/17/2018, 10:38 PMI think
p
pirxthepilot
05/17/2018, 10:48 PMI don't know C++ but that's what it also looks like to me. awesome, thanks for digging up the code!
3 Views