Skip to content

Commit

Permalink
fix: address review comments
Browse files Browse the repository at this point in the history
Signed-off-by: Roberto Scolaro <[email protected]>
  • Loading branch information
therealbobo authored and poiana committed Jun 25, 2024
1 parent d7d1e7c commit 721f695
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 25 deletions.
13 changes: 6 additions & 7 deletions driver/syscall_table.c
Original file line number Diff line number Diff line change
Expand Up @@ -437,6 +437,12 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
#endif
#ifdef __NR_delete_module
[__NR_delete_module - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_DELETE_MODULE_E, PPME_SYSCALL_DELETE_MODULE_X, PPM_SC_DELETE_MODULE},
#endif
#ifdef __NR_setreuid
[__NR_setreuid - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_SETREUID_E, PPME_SYSCALL_SETREUID_X, PPM_SC_SETREUID},
#endif
#ifdef __NR_setregid
[__NR_setregid - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_SETREGID_E, PPME_SYSCALL_SETREGID_X, PPM_SC_SETREGID},
#endif
[__NR_restart_syscall - SYSCALL_TABLE_ID0] = { .ppm_sc = PPM_SC_RESTART_SYSCALL },
[__NR_exit - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_EXIT},
Expand Down Expand Up @@ -505,13 +511,6 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
[__NR_rt_sigqueueinfo - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_RT_SIGQUEUEINFO},
[__NR_rt_sigsuspend - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_RT_SIGSUSPEND},
[__NR_capget - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_CAPGET},

#ifdef __NR_setreuid
[__NR_setreuid - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_SETREUID_E, PPME_SYSCALL_SETREUID_X, PPM_SC_SETREUID},
#endif
#ifdef __NR_setregid
[__NR_setregid - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_SETREGID_E, PPME_SYSCALL_SETREGID_X, PPM_SC_SETREGID},
#endif
[__NR_getgroups - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_GETGROUPS},
[__NR_setgroups - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SETGROUPS},
#ifdef __NR_fchown
Expand Down
42 changes: 24 additions & 18 deletions userspace/libsinsp/parsers.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -4903,14 +4903,15 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0 && retrieve_enter_event(enter_evt, evt))
if(retval == 0 && retrieve_enter_event(enter_evt, evt))
{
uint32_t new_euid = enter_evt->get_param(1)->as<uint32_t>();

if(new_euid < std::numeric_limits<uint32_t>::max())
{
if (evt->get_thread_info()) {
evt->get_thread_info()->set_user(new_euid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_user(new_euid);
}
}
}
Expand All @@ -4925,14 +4926,15 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0)
if(retval == 0)
{
uint32_t new_euid = evt->get_param(1)->as<uint32_t>();

if(new_euid < std::numeric_limits<uint32_t>::max())
{
if (evt->get_thread_info()) {
evt->get_thread_info()->set_user(new_euid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_user(new_euid);
}
}
}
Expand All @@ -4948,14 +4950,15 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0 && retrieve_enter_event(enter_evt, evt))
if(retval == 0 && retrieve_enter_event(enter_evt, evt))
{
uint32_t new_egid = enter_evt->get_param(1)->as<uint32_t>();

if(new_egid < std::numeric_limits<uint32_t>::max())
{
if (evt->get_thread_info()) {
evt->get_thread_info()->set_group(new_egid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_group(new_egid);
}
}
}
Expand All @@ -4970,14 +4973,15 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0)
if(retval == 0)
{
uint32_t new_egid = evt->get_param(1)->as<uint32_t>();

if(new_egid < std::numeric_limits<uint32_t>::max())
{
if (evt->get_thread_info()) {
evt->get_thread_info()->set_group(new_egid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_group(new_egid);
}
}
}
Expand All @@ -4993,11 +4997,12 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0 && retrieve_enter_event(enter_evt, evt))
if(retval == 0 && retrieve_enter_event(enter_evt, evt))
{
uint32_t new_euid = enter_evt->get_param(0)->as<uint32_t>();
if (evt->get_thread_info()) {
evt->get_thread_info()->set_user(new_euid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_user(new_euid);
}
}
}
Expand All @@ -5012,11 +5017,12 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt)
//
retval = evt->get_param(0)->as<int64_t>();

if(retval >= 0 && retrieve_enter_event(enter_evt, evt))
if(retval == 0 && retrieve_enter_event(enter_evt, evt))
{
uint32_t new_egid = enter_evt->get_param(0)->as<uint32_t>();
if (evt->get_thread_info()) {
evt->get_thread_info()->set_group(new_egid);
sinsp_threadinfo* ti = evt->get_thread_info();
if (ti) {
ti->set_group(new_egid);
}
}
}
Expand Down

0 comments on commit 721f695

Please sign in to comment.