Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
p
pirxthepilot
05/17/2018, 6:28 PMquick q: does the
setuid_binw
Woogs
05/17/2018, 10:38 PMhttps://github.com/facebook/osquery/blob/master/osquery/tables/system/posix/suid_bin.cpp
Based on my novice reading of the code, seems like it's looking at setgid binaries.
r["permissions"] = "";
if ((perms & 04000) == 04000) {
r["permissions"] += "S";
}
if ((perms & 02000) == 02000) {
r["permissions"] += "G";
}I think
p
pirxthepilot
05/17/2018, 10:48 PMI don't know C++ but that's what it also looks like to me. awesome, thanks for digging up the code!