mknodat¶

Intro¶

mknodat - create a special or ordinary file relative to open directory

Description¶

The mknodat() system call operates in exactly the same way as mknod(), except for the differences described in this manual page.

The mknodat() system call creats a special or ordinary file (named by pathname) with permission defined by mode. It is identical to the mknod() system call. The only difference is that the pathname relative to a directory file descriptor, rather than to the working directory.

The user ID and group ID of the created file are set to the effective user ID and group ID of the process, respectively.

Arguments¶

dirfd:int[K] - Directory file descriptor.
pathname:const char*[K] - Pathname of the created file.
mode:mode_t[K] - File type and access mode of the created file.
dev:dev_t[K, TOCTOU] - Pointer to a dev_t structure that is used to store the major or minor device numbers (only for character or block special files).

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space (for example, pointer to user space memory used to get it)
TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
OPT - Optional argument - might not always be available (passed with null value)

Hooks¶

sys_mknodat¶

Type¶

kprobes + tracepoints

Purpose¶

To record when mknodat() is called, what parameters were passed and which return value was returned.

Example Use Case¶

The mknodat() system call can be used by a privileged process to create a directory and file located inside a user-defined directory. This can be used to deploy basic IPC (inter-process communication) infrastructure between processes that run under the same user ID.

Issues¶

No known issues.

openat()
fstatat()
fchownat()
mkdirat()
readdirat()

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.