Zohar81 Zohar81 - 1 year ago 57
C Question

OSX setgid system call - which API is the correct one

I'd like to use the system call setgid, to change the group ID of the current process. Trying to lookup this function, the only implementation I've found is in kern_prot.c :

* setgid
* Description: Set group ID system call
* Parameters: uap->gid gid to set

setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)

Notice that according to /usr/unistd.h, the API is completely different (
int setgid(gid_t);

  1. does
    int setgid(gid_t);
    is a wrapper of
    int setgid(proc_t p, struct setgid_args *uap, __unused int32_t *retval)

  2. Where can I find the implementation of
    int setgid(gid_t);

  3. Is there any option to call the implementation of setgid from kern_prot.c ?


After monitoring my program with
to observe system calls, it seems that calling
trigger the system call with 3 parameters
setgid(0x2, 0x7F9AA3803200, 0x1000)
which matches the implementation in kern_prot.c. The question is, where can i find the wrapper source code, and what library does it belongs to (maybe glibc? )

thanks ,

Answer Source

What are you looking for is not opensourced. But if you open /usr/lib/system/libsystem_kernel.dylib in the IDA:

enter image description here

From xnu sources:

#define SYS_setgid         181

Here 181 = 0xB5

If you check unix_syscall64 function inside bsd/dev/i386/systemcalls.c (from xnu kernel sources):

code = regs->rax & SYSCALL_NUMBER_MASK;

where SYSCALL_NUMBER_MASK is ~0xFF000000 = 0xFFFFFF (code is 32bit value):


so 0x20000B5 & 0xFF000000 = 0xB5 (SYS_setgid)

