ipc - System call used traditionally to communicate between processes over a network or through I/O channels.
ipc system call is used to communicate between processes, either over a network or through I/O channels. It takes a set of arguments which indicate the direction of communication and the parameters needed to set up the communication. The call can be used to either send or receive messages and data to/from a remote process or I/O channel.
This system call is useful for the exchange of information between processes without the need for a separate protocol or application-level code. It can also be used for process synchronization, where two or more processes wait for one another to take certain actions before proceeding.
unsigned int- Specifies which action to take (e.g. send, receive, etc.)
int- Generally a process ID, or an identifier for the resource to be accessed.
unsigned long[OPT] - Additional information for the call, such as the address of a buffer for data transfer.
unsigned long[K] - Optional data buffer address, used in some commands to transfer data between processes.
void*[K] - Pointer to a variable where the actual result of the call is stored if the call was successful.
long[OPT] - Used to specify additional flags or options for the call, such as permissions or timeouts.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobes / Kretprobes
To monitor the interaction between processes and the IPC channels.
Example Use Case¶
ipc system call could be used to send a simple message from one process to another. In this case, the message and all associated data could be sent and received within a single call.
ipc call is vulnerable to race conditions when used with the
IPC_NOWAIT option, as the command may return before the requested operation is complete.
msgget- creates a System V message queue
msgsnd- sends a message to a System V message queue
msgrcv- receives a message from a System V message queue
shmget- creates a System V shared memory segment
shmat- attaches a System V shared memory segment to the calling process
semget- creates a System V semaphore set
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.