creat¶

Intro¶

creat - system call to create a new, or overwrite an existing, file with certain permissions

Description¶

The creat() syscall creates a new file or overwrites an existing file, in the file system pointed to by the given pathname, with the given permissions.

If the file does not exist, it will be created with the given permissions. If the file does exist, it will be overwritten, and set to the given permissions.

It should be noted that the creat() syscall is essentially the same as an open call to pathname with the following flags: O_WRONLY|O_CREAT|O_TRUNC.

Arguments¶

pathname:const char*[U,TOCTOU] - a pointer to a string containing the path to file being modified.
mode:mode_t[K] - permissions to be applied to the file.

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space.
TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
OPT - Optional argument - might not always be available (passed with null value).

Hooks¶

sys_creat¶

Type¶

Tracepoint (through sys_enter).

Purpose¶

To observe and trace when the creat() system call is performed.

Example Use Case¶

A logging system which keeps track of when files are created or modified.

Issues¶

When creating a file, there is an atomic race condition which could lead to the file being left in an unexpected state if the creat() syscall fails and the file is overwritten.

The creat() system call is also subjected to TOCTOU issues because it does not allow the O_EXCL flag to be set when creating a file. Anyone relying on it has to check if a file exists before calling creat system call. In between the check and the call the file could have been created, for example.

open() - Creates or opens a file, modifier relating to the creat() syscall.

This document was automatically generated by OpenAI and reviewed by a Human.