Skip to content

stime

Intro

stime - set the system's date and time

Description

The stime system call sets the system's idea of the current calendar time and time of day. The time argument is the time in seconds since the epoch, and time should always be non-negative. The time argument is interpreted as UTC by the kernel. The syscall does not check whether any arguments are out of range, leading to a potential TOCTOU (time of check, time of use) vulnerability.

Arguments

  • t:const time_t*[K] - timestamp of current time in seconds since the Epoch.

Available Tags

  • K - Originated from kernel-space.

Hooks

sys_stime

Type

Kprobes

Purpose

To log the invocation of the stime() system call.

Example Use Case

The stime system call can be used to manually adjust the system time. One example use case can be to periodically invoke this system call to keep the system time in sync with an NTP server.

Issues

Due to the lack of input sanitation, this system call has been found vulnerable to TOCTOU (Time of Check / Time of Use) vulnerability in certain cases.

  • nanosleep - to suspend execution of the current thread.
  • clock_settime - to change the current time of a clock relative to an epoch

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.