Skip to content

bind

Intro

bind - assigns address name to a socket

Description

The bind() system call assigns the address specified by addr to the socket referred to by the file descriptor sockfd. For AF_INET sockets, the bind() system call binds addr to the address whose port number is specified in addr and whose Internet address is any address. Only one process may bind to a specific port.

The addrlen argument specifies the size, in bytes, of the address structure pointed to by addr. For more information about addrlen requirements for different address families, refer to the manual page for addrlen.

There might be cases where bind() could produce an error due to limits concerning the number of port numbers from 0 to 1023 that are reserved for internal use and privileged operations (e.g. by root processes).

Arguments

  • sockfd:int - file descriptor used in the bind system call.
  • addr:struct sockaddr*[KU] - pointer to a structure of sockaddr for the address that should be bound.
  • addrlen:int[K] OPT - length of the sockaddr structure that is pointed by addr.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_bind

Type

Kprobes

Purpose

To track bind’s execution from kernel space.

sock_bind

Type

Kprobes

Purpose

To track bind’s execution from user space.

Example Use Case

The bind() system call is useful for limiting the scope of applications running on the same host. By using the bind() system call, different applications can explicitly bind to a specific IP address and assign certain port numbers, so that two applications on the same host are not using the same port number.

Issues

The bind() system call can only bind to a specific port number once. If the same port number is asked to be bound to more than one application, it can produce an error and therefore result in undesired behavior.

connect(), listen(), accept(), sendto()

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.