Skip to content

msgrcv

Intro

msgrcv - Linux system call that reads a message located in a queue

Description

msgrcv() is a Linux system call that reads a message located in a message queue identified by the ID parameter msqid. The parameter msgp points to the memory containing the read message. The msgp is overwritten with the actual message in the message queue, which contains the data in the structure struct msgbuf, and its length is defined by the msgsz parameter. The msgtyp parameter defines the message type that should be read from the message queue, where zero means the first message of the queue, and negative numbers define the absolute values of the message types that should be looked for. The msgflg parameter can be an OR'd combination of flags that specify the behavior of the system call, and can be set to zero to ignore them. Note that there may be security issues involved in the use of this system call, as it ignores the current user id and may allow attempts to read messages from another user's queue, depending on the settings of the system.

Arguments

  • msqid:int[K] - System-wide unique message queue identifier.
  • msgp:struct msgbuf*[KU] - Pointer to the memory that should contain the read message, in a structure that contains the data in the structure struct msgbuf.
  • msgsz:size_t[K] - Length of the message pointed by parameter msgp.
  • msgtyp:long[K] - Message type that should be read from the message queue, where zero means the first message of the queue, and negative numbers define the absolute values of the message types that should be looked for.
  • msgflg:int[K] - OR'd parameter that defines the behavior of the system call, and can be set to zero to ignore them.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

msgrcv

Type

KProbes

Purpose

Hook into the kernel function of msgrcv to monitor any calls made to the system call.

Example Use Case

Using msgrcv allows programs to read and fetch messages from message queues. For example, an application monitoring system can use it to read messages from the message queues of programs it is monitoring.

Issues

The potential security issues of reading messages from message queues of other users might be of concern. It is possible to set the environment of the system to the "no_root_squash" value for the NFS, to allow for users to use this system call safely.

  • msgsnd - System call that sends a message to a queue.
  • msgget - System call that retrieves a message queue identifier.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.