sendfile32 - used to copy data between two file descriptors
sendfile32 is a system call used to copy data between two file descriptors. The copy is zero-copy, which can improve performance when dealing with large I/O sizes. The operation may fail or complete with a partial result, depending on the size of the data being sent.
Advantages of using sendfile32 include its ability to do zero-copy IO and to handle large IO requests. Drawbacks include the fact that it can only be used to send data from one file descriptor to another, and that it is not atomic and therefore vulnerable to time-of-check/time-of-use (TOCTOU) race conditions.
int - file descriptor from which data is to be read.
int - file descriptor to which data is to be written.
off_t*[U,TOCTOU] - pointer to an offset to start reading from the
size_t[OPT] - the number of bytes to copy. If not passed, the value is assumed to be the size of the file.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobe + Kretprobe
Used to trace each time the system call is executed.
Example Use Case
A monitoring system might use this event to track the rate at which each user is copying data from one file descriptor to another.
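An added sketch of the monitoring use case above (not Tracee's own code): it sums the bytes copied by sendfile32 per user and per time window from JSON event lines, then lists users above a threshold. The field names `timestamp`, `userId`, `eventName` and `returnValue` are assumed to match Tracee's JSON output, and the sample lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample lines; field names (timestamp in ns, userId, eventName,
# returnValue) are assumed to follow Tracee's JSON event output.
SAMPLE_EVENTS = """\
{"timestamp": 1000000000, "userId": 1000, "eventName": "sendfile32", "returnValue": 4096}
{"timestamp": 1200000000, "userId": 1000, "eventName": "sendfile32", "returnValue": 1048576}
{"timestamp": 1500000000, "userId": 1001, "eventName": "sendfile32", "returnValue": -9}
{"timestamp": 1700000000, "userId": 1001, "eventName": "write", "returnValue": 512}
{"timestamp": 2100000000, "userId": 1000, "eventName": "sendfile32", "returnValue": 2048}
not-json garbage line
{"timestamp": 2300000000, "userId": 1001, "eventName": "sendfile32", "returnValue": 8192}
"""

NS_PER_SEC = 1_000_000_000


def bytes_per_user_window(lines, window_s=1):
    """Sum bytes copied by sendfile32 per (window start in seconds, userId)."""
    totals = defaultdict(int)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines
        if not isinstance(ev, dict) or ev.get("eventName") != "sendfile32":
            continue
        copied = ev.get("returnValue")
        # The return value is the byte count the kernel actually transferred;
        # negative values are errno codes, and a partial copy returns less
        # than requested, so the requested size is never used here.
        if not isinstance(copied, int) or copied <= 0:
            continue
        window = ev["timestamp"] // (window_s * NS_PER_SEC) * window_s
        totals[(window, ev["userId"])] += copied
    return dict(totals)


def users_over_rate(totals, max_bytes_per_window):
    """Return sorted (window, userId, bytes) tuples exceeding the threshold."""
    return sorted((w, uid, n) for (w, uid), n in totals.items()
                  if n > max_bytes_per_window)


if __name__ == "__main__":
    totals = bytes_per_user_window(SAMPLE_EVENTS.splitlines())
    for window, uid, n in users_over_rate(totals, 1_000_000):
        print(f"window={window}s uid={uid} bytes={n}")
```

Because the offset argument is tagged U and TOCTOU, the sketch relies only on the return value and ignores the argument values.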
sendfile32 is not atomic and therefore vulnerable to time of check/time of use (TOCTOU) race conditions.
- execve: used to call the sendfile32 system call.
- pread: used to read data from a file descriptor.
- write: used to write data to a file descriptor.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.