Skip to content

getcwd

Intro

getcwd - returns the working directory path of the current process

Description

The getcwd() function uses the buf parameter to store the path of the current working directory of the process. The buf argument should point to a user allocated buffer of sufficient size (specified by the size argument) that can hold the absolute pathname of the working directory. If the size argument is greater than zero, the path string will be null-terminated. If size is 0, then buf must be a null pointer. If size is greater than zero and buf is NULL, error occurs.

getcwd() returns a pointer to the user allocated buffer which stores the pathname of the working directory upon success. If there are issues relating to the size parameter being insufficient (too small) then the error "ERANGE" is returned.

Arguments

  • buf:char*[U] - buf should point to a user allocated buffer of sufficient size to hold the absolute pathname of the working directory.
  • size:size_t[U] - specifies the size of the user allocated buffer.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

do_getcwd

Type

Tracepoint

Purpose

To track the getcwd syscall.

Example Use Case

An example use case for getcwd is to use it to obtain the working directory of a process so it can be compared with a parent directory to validate that the process is in the correct directory.

Issues

The errors returned by getcwd() are non-standard, so they may not be comparable across different systems.

The readlink() and realpath() syscalls may be used in conjunction with getcwd() to normalize given paths.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.