Skip to content

mkdir

Intro

mkdir - Creates a directory named pathname.

Description

The mkdir() system call creates a directory named pathname. It is eight bits of the Mode that contain the Unix permission bits for the newly created directory. The permissions of new directories are as follows:

Usr/Grp/Oth: rwxr-xr-x

The newly created directory inherits its group identity from the parent directory. This system call follows symbolic links and fails if the directory already exists or if a directory component in pathname does not exist or is a dangling symbolic link. On success, zero is returned.

Arguments

  • pathname:const char*[K,U] - Pointer to a string containing the name of the directory to be created.
  • mode:mode_t[K,U] - A bit pattern that serves as the file permission bits for the new directory.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

sys_mkdir

Type

Kprobe

Purpose

Monitor and observe when mkdir system calls are invoked with specific argument values, or to monitor and observe mkdir system calls in general.

Example Use Case

The mkdir system call could be used to monitor new directory creation. This can be useful to detect malicious activities such as directory traversal or privilege escalation.

Issues

No known issues

  • open
  • access
  • stat

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.