fchdir¶
Intro¶
fchdir - Change the current working directory by file descriptor.
Description¶
The fchdir() system call allows the application to change the current working directory by a file descriptor. This can be useful for applications that want to change the cwd for a child process without having to resort to absolute paths or up and down directory lookup. The file descriptor argument should refer to an open directory.
There are some drawbacks to using fchdir(). Since it is an atomic operation, it will not take into account intervening changes to the directory structure. This can have security implications, therefore applications that are using fchdir() should be aware of potential time-of-check, time-of-use (TOCTOU) race conditions.
Arguments¶
fd:int[K] - File descriptor of an open directory that should be used as the new cwd.
Available Tags¶
- K - Originated from kernel-space.
Hooks¶
fchdir¶
Type¶
Kprobe
Purpose¶
To track changes in the current working directory and log the arguments associated with them.
Example Use Case¶
An application wants to change the cwd for its child process without having to resort to absolute paths or up and down directory lookup.
Issues¶
fchdir() is an atomic operation, so it will not take into account intervening changes to the directory structure. This can have security implications, as there may be potential time-of-check, time-of-use (TOCTOU) race conditions.
Related Events¶
- chdir - Change the current working directory
- open - Open a file (used to obtain the necessary file descriptor)
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.