chmod

Intro

chmod - change the permissions of a file

Description

The chmod() system call changes the permissions of the file at the path given by the pathname parameter. The permission bits are set using the second parameter of the call, mode, which is of type mode_t and is expected as a bitmask of permission bits.

The permissions are set based on the user or group that owns the file, the setuid and setgid bits, and the matrix of user, group and other. For more detail, consult the chmod man page.

There are some edge cases where permissions are not inherited by files created in a directory, for instance when creating a file with the O_TMPFILE flag. Also, when using chmod(), it will not delete the sticky bit information from the files.

Arguments

  • pathname:const char*[K] - Path to the file whose permission bits are to be changed.
  • mode:mode_t[K] - A bitmask of permission bits that will be used to set the new permission.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_chmod

Type

Kprobe.

Purpose

To get a context of the bits which are being used to change the mode and who initiated the call.

Example Use Case

You can use this event to collect a record every time the permissions of a file inside a directory are modified.
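The following is an added example, not Tracee code: it triages chmod records for a watched directory by decoding the mode bitmask and flagging setuid, setgid and world-writable changes. The record layout, the WATCHED_DIR value and the function names are assumptions; only the pathname and mode fields come from the argument list on this page.

```python
import posixpath
import stat

WATCHED_DIR = "/srv/app"  # hypothetical monitored directory

# Constructed sample records. "pathname" and "mode" mirror the event's two
# arguments; the dict layout is an assumption, not Tracee's output format.
SAMPLE_EVENTS = [
    {"pathname": "/srv/app/bin/helper", "mode": 0o4755},
    {"pathname": "/srv/app/conf/app.ini", "mode": 0o640},
    {"pathname": "/srv/app/uploads", "mode": 0o777},
    {"pathname": "/srv/app/../../tmp/x", "mode": 0o6755},
    {"pathname": "/srv/app/shared", "mode": 0o1777},
    {"pathname": "bin/tool", "mode": 0o2755},
]


def in_watched_dir(pathname, watched=WATCHED_DIR):
    """Lexical check only: symlinks and later renames are not resolved, so
    the result is advisory (this is the TOCTOU caveat of the event)."""
    if not pathname.startswith("/"):
        return None  # relative path: undecidable without the caller's cwd
    norm = posixpath.normpath(pathname)  # collapses "." and ".."
    return norm == watched or norm.startswith(watched + "/")


def findings(mode):
    """Name the risky bits in a chmod mode bitmask."""
    checks = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
    found = [name for bit, name in checks if mode & bit]
    # Policy choice: world-writable with the sticky bit (e.g. 1777) is not flagged.
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        found.append("world-writable")
    return found


def triage(events):
    """Return (pathname, symbolic mode, findings) for risky chmods in scope."""
    out = []
    for ev in events:
        scope = in_watched_dir(ev["pathname"])
        hits = findings(ev["mode"])
        if scope is False or not hits:
            continue
        if scope is None:
            hits.append("relative-path")  # keep for review, scope unknown
        # filemode() prefixes a file-type character; chmod modes carry none.
        out.append((ev["pathname"], stat.filemode(ev["mode"])[1:], hits))
    return out
```

Calling triage(SAMPLE_EVENTS) returns the three records worth reviewing; the path that escapes the directory through ".." and the sticky shared directory are dropped.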

Issues

The event is vulnerable to TOCTOU; use care when operating on it.

Related Events

  • openat()
  • fchmodat()
  • chown()

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.