uname
Intro
uname - get the system name
Description
The uname() system call wraps the get_utsname() kernel function and is used to get information about the current system, including the system name, version and release. The buf argument, a pointer to a struct utsname, is the buffer through which the system information is passed to user space.
Arguments
- buf: struct utsname* [K, U] - pointer to a buffer to store the utsname struct.
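An added example, not taken from the Tracee project: a C program that calls uname() and cross-checks the fields the kernel writes into buf against the same values exposed under /proc/sys/kernel. The function names uname_mismatches and read_proc and the procfs comparison are assumptions of this example; procfs files that cannot be read are skipped.

```c
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/* Read the first line of /proc/sys/kernel/<name>; returns 0 on success. */
static int read_proc(const char *name, char *out, size_t len)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/sys/kernel/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *ok = fgets(out, (int)len, f);
    fclose(f);
    if (!ok) return -1;
    out[strcspn(out, "\n")] = '\0';   /* strip the trailing newline */
    return 0;
}

/* Calls uname() and compares each field with the kernel's procfs view.
 * Returns the number of mismatching fields, or -1 if uname() fails. */
int uname_mismatches(struct utsname *buf)
{
    if (uname(buf) != 0) return -1;
    const struct { const char *proc; const char *val; } checks[] = {
        { "ostype",    buf->sysname  },
        { "hostname",  buf->nodename },
        { "osrelease", buf->release  },
        { "version",   buf->version  },
    };
    int bad = 0;
    char line[256];
    for (size_t i = 0; i < sizeof(checks) / sizeof(checks[0]); i++) {
        if (read_proc(checks[i].proc, line, sizeof(line)) != 0) continue;
        if (strcmp(line, checks[i].val) != 0) {
            printf("mismatch %s: uname=\"%s\" procfs=\"%s\"\n", checks[i].proc, checks[i].val, line);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    struct utsname u = {0};
    int bad = uname_mismatches(&u);
    printf("%s %s %s (%s): %d mismatch(es)\n", u.sysname, u.release, u.machine, u.nodename, bad);
    return bad != 0;
}
```

A non-zero result means the values returned through buf differ from what procfs reports for the same UTS namespace, which is worth investigating on a monitored host.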
Available Tags
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hooks
sys_uname
Type
Kprobes
Purpose
To trace when the uname() syscall is called and get the arguments passed.
Example Use Case
In a security monitoring system, the uname() syscall can be used to identify if a system is undergoing changes to its core characteristics.
Issues
None
Related Events
The get_utsname() kernel function, from which this syscall originates.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.