fchown16 - Change the owner and group of the file referred to by the file descriptor.
The fchown16() system call changes the ownership of the file referred to by the file descriptor fd. The effective user ID of the process must match the existing owner of the file, or the process must have the appropriate privilege.
This system call is equivalent to using fchownat() with the flag AT_EMPTY_PATH flag set.
There are some drawbacks associated with using fchown16. First, fchown16 does not work on systems without a 16-bit UID/GID model, such as the Linux kernel. Second, it can potentially be insecure since it is not atomic, so it can be vulnerable to race conditions like TOCTOU (time of check, time of use).
unsigned intK - The file descriptor of the file.
old_uid_tK - The user ID of the new owner.
old_gid_tK - The group ID of the new group.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU- Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobe + Kretprobe
To track changes in the ownership of files.
Example Use Case¶
An application might use this system call to ensure that only certain users are able to access certain files or directories.
This system call is not available on systems without a 16-bit UID/GID model, such as the Linux kernel. Additionally, the system call can be vulnerable to race conditions like TOCTOU (time of check, time of use).
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.