https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
p

pirxthepilot

05/17/2018, 6:28 PM
quick q: does the 
setuid_bin
table also show setgid binaries?
w

Woogs

05/17/2018, 10:38 PM
https://github.com/facebook/osquery/blob/master/osquery/tables/system/posix/suid_bin.cpp Based on my novice reading of the code, seems like it's looking at setgid binaries.
Copy code
r["permissions"] = "";
  if ((perms & 04000) == 04000) {
    r["permissions"] += "S";
  }

  if ((perms & 02000) == 02000) {
    r["permissions"] += "G";
  }
I think
p

pirxthepilot

05/17/2018, 10:48 PM
I don't know C++ but that's what it also looks like to me. awesome, thanks for digging up the code!
3 Views
Powered by