Skip to content

lchown

Intro

lchown - change the owner and group of a symbolic link.

Description

The lchown() system call is used to change the owner and group of a specified symbolic link, without dereferencing it. The new owner and group are specified by the owner and group arguments respectively.

Arguments

  • pathname:const char*[U,TOCTOU] - Path to the symbolic link whose owner and group are to be changed.
  • owner:uid_t[K] - User identifier of the new owner.
  • group:gid_t[K] - Group identifier of the new group.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space.
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument - might not always be available (passed with null value).

Hooks

sys_lchown

Type

Tracepoint (through sys_enter).

Purpose

To observe and trace when the lchown() system call is performed, collecting information about the symbolic link, and the new owner and group.

Example Use Case

Monitoring changes in symbolic link ownership in a system, especially in scenarios where the dereferencing of symbolic links needs to be avoided.

Issues

The lchown() system call can be subjected to TOCTOU issues, where the symbolic link specified by pathname could be changed between the time of check and the time of use, leading to potential security risks.

  • chown()
  • fchown()
  • fchownat()

This document was automatically generated by OpenAI and reviewed by a Human.