mq_getsetattr - sets and gets message queue attributes.
mq_getsetattr is responsible for setting and getting the attributes associated with a message queue.
When setting attributes, the process must own, or have superuser permissions, the message queue referenced by the mqdes argument.
When getting attributes, the process must have read, write, or execute permissions for the message queue referenced by the mqdes argument.
This event provides an efficient way to get the current attributes of an existing message queue or to change certain attribute values.
The possible attribute values that can be changed are those inside struct mq_attr (defined in /usr/include/bits/mqueue.h).
mqd_t[K,U] - holds a file descriptor that refers to an open message queue.
const struct mq_attr*[K,U] - points to a struct mq_attr that sets the attributes of the message queue.
struct mq_attr*[K,U] - points to the buffer that retrieves the current attributes of the message queue.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Hook this event so the attributes of the message queue can be monitored.
Example Use Case¶
The mq_getsetattr event may be useful in situations where it is important to track the current value of attributes associated with a particular message queue. For example, if an application is submitting messages to a queue and expecting responses, mq_getsetattr can be used to track the current time-out value of the queue or to see if the queue is still in a valid state.
When hooking sys_mq_getsetattr and collecting the return value, due to the possibility of userspace-triggered events, kernel-space values may contain invalid user address data.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.