Skip to content

ipc

Intro

ipc - System call used traditionally to communicate between processes over a network or through I/O channels.

Description

The ipc system call is used to communicate between processes, either over a network or through I/O channels. It takes a set of arguments which indicate the direction of communication and the parameters needed to set up the communication. The call can be used to either send or receive messages and data to/from a remote process or I/O channel.

This system call is useful for the exchange of information between processes without the need for a separate protocol or application-level code. It can also be used for process synchronization, where two or more processes wait for one another to take certain actions before proceeding.

Arguments

  • call:unsigned int - Specifies which action to take (e.g. send, receive, etc.)
  • first:int - Generally a process ID, or an identifier for the resource to be accessed.
  • second:unsigned long[OPT] - Additional information for the call, such as the address of a buffer for data transfer.
  • third:unsigned long[K] - Optional data buffer address, used in some commands to transfer data between processes.
  • ptr:void*[K] - Pointer to a variable where the actual result of the call is stored if the call was successful.
  • fifth:long[OPT] - Used to specify additional flags or options for the call, such as permissions or timeouts.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_ipc

Type

Kprobes / Kretprobes

Purpose

To monitor the interaction between processes and the IPC channels.

Example Use Case

The ipc system call could be used to send a simple message from one process to another. In this case, the message and all associated data could be sent and received within a single call.

Issues

The ipc call is vulnerable to race conditions when used with the IPC_NOWAIT option, as the command may return before the requested operation is complete.

  • msgget - creates a System V message queue
  • msgsnd - sends a message to a System V message queue
  • msgrcv - receives a message from a System V message queue
  • shmget - creates a System V shared memory segment
  • shmat - attaches a System V shared memory segment to the calling process
  • semget - creates a System V semaphore set

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.