Native API - Linux

The Linux API (Application Programming Interface) refers to the set of system calls and library functions that applications use to interact with the Linux kernel and operating system. These APIs provide access to various low-level functionalities such as file manipulation, process control, network communication, and more. Key components of the Linux API include:

    1. System Calls: These are functions provided by the Linux kernel that programs can use to perform various operations such as reading from or writing to files, creating processes, and managing memory. Examples include open, read, write, fork, and execve.

    2. Library Functions: These are higher-level functions provided by libraries such as the GNU C Library (glibc). They provide a more convenient interface to the underlying system calls. Examples include fopen, printf, malloc, and pthread_create.

If an attacker gains control of a process that runs with higher privileges (for example a setuid binary or a service running as root), the same file-related system calls let that process read sensitive information such as /etc/passwd and /etc/shadow. For that reason, file access from privileged processes is a natural place to apply least privilege and to monitor.

The following is an example of API usage for user enumeration. It calls the glibc library function getpwuid, which looks up the calling user's passwd record (the same data held in /etc/passwd) without the program touching the file directly:

#include <stdio.h>
#include <stdlib.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

int main() {
    // Get the real user ID of the calling process (getuid wraps the getuid system call)
    uid_t uid = getuid();

    // Retrieve the passwd struct for the given user ID via the glibc/NSS lookup
    struct passwd *pw = getpwuid(uid);

    // Check if the passwd struct is valid
    if (pw == NULL) {
        perror("getpwuid");
        exit(EXIT_FAILURE);
    }

    // Print the user information (uid_t/gid_t are cast so %u is portable)
    printf("User information:\n");
    printf("Username: %s\n", pw->pw_name);
    printf("User ID: %u\n", (unsigned) pw->pw_uid);
    printf("Group ID: %u\n", (unsigned) pw->pw_gid);
    printf("Home directory: %s\n", pw->pw_dir);
    printf("Shell: %s\n", pw->pw_shell);

    return 0;
}
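To make the two layers described above concrete (kernel system calls such as open/read/write versus library functions such as fopen/fread), here is an added example that is not part of the original page. It reads a constructed passwd-style line back through both layers and shows they agree, and it includes a check for the privileged-process situation mentioned earlier (effective UID differing from the real UID, or root). The temp file path and its contents are made up for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read a file using only the open/read/close system calls; returns bytes read or -1. */
ssize_t read_with_syscalls(const char *path, char *buf, size_t cap) {
    int fd = open(path, O_RDONLY);          /* open(2): kernel hands back a descriptor */
    if (fd < 0) return -1;
    ssize_t total = 0, n = 0;
    while (total < (ssize_t)cap - 1 &&
           (n = read(fd, buf + total, cap - 1 - total)) > 0)   /* read(2) */
        total += n;
    close(fd);                               /* close(2) */
    buf[total] = '\0';
    return n < 0 ? -1 : total;
}

/* The same read through stdio: fopen/fread wrap those syscalls and add buffering. */
ssize_t read_with_stdio(const char *path, char *buf, size_t cap) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Writes a constructed (made-up) passwd-style line to a scratch file, reads it back through
 * both layers and returns 1 if the results are identical, 0 otherwise. */
int layers_agree(void) {
    const char *path = "/tmp/native_api_demo.txt";   /* constructed scratch path */
    const char *sample = "demo:x:1000:1000:Demo User:/home/demo:/bin/sh\n";
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return 0;
    ssize_t w = write(fd, sample, strlen(sample));   /* write(2) */
    close(fd);
    if (w != (ssize_t)strlen(sample)) { unlink(path); return 0; }
    char a[128], b[128];
    ssize_t ra = read_with_syscalls(path, a, sizeof a);
    ssize_t rb = read_with_stdio(path, b, sizeof b);
    unlink(path);                            /* unlink(2): remove the scratch file */
    return ra > 0 && ra == rb && strcmp(a, b) == 0 && strcmp(a, sample) == 0;
}

/* Returns 1 if the process runs with more privilege than the user who started it
 * (setuid binary or root); this is the situation in which file reads become sensitive. */
int runs_with_elevated_privileges(void) {
    return geteuid() == 0 || geteuid() != getuid();
}
```

Under an unprivileged user the privilege check returns 0; under sudo or a setuid binary it returns 1, which is the condition worth auditing.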
