creat¶

Intro¶

creat - system call to create a new, or overwrite an existing, file with certain permissions

Description¶

The creat() syscall creates a new file or overwrites an existing file, in the file system pointed to by the given pathname, with the given permissions. If the file does not exist, it will be created with the given permissions. If the file does exist, it will be overwritten, and set to the given permissions.

It should be noted that the creat() syscall is essentially the same as using the open() syscall with the O_CREAT and O_WRONLY flags.

Arguments¶

pathname:const char* - a pointer to a string containing the path to file being modified.
mode:mode_t - permissions to be applied to the file.

Available Tags¶

U - Originated from user space (for example, pointer to user space memory used to get it)

Hooks¶

sys_creat¶

Type¶

Kprobe

Purpose¶

To observe and trace when the creat() system call is performed.

Example Use Case¶

A logging system which keeps track of when files are created or modified.

Issues¶

When creating a file, there is an atomic race condition which could lead to the file being left in an unexpected state if the creat() syscall fails and the file is overwritten.

open() - Creates or opens a file, modifier relating to the creat() syscall.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.