sethostname - a syscall to set the system's hostname
The sethostname() system call is used to set the system's hostname. The hostname is a single component of the fully qualified domain name (FQDN) of a system. The sethostname() call takes two arguments; the first argument is a pointer to a character string specifying the host name, and the second argument is the size of the character string pointed to by the first argument. The system hostname is limited to a maximum length of __HOST_NAME_MAX bytes (defined in limits.h) not including the NUL terminator.
The sethostname() call does not make any consistency checks for the given hostname. The only requirement for setting the hostname is that it should be a valid NUL terminated character string. It is up to the caller to ensure that the hostname is valid and properly formatted.
The sethostname() call is provided for compatibility with BSD systems. It is recommended that applications use sethostname() with caution and verify that the hostname is properly formed.
const char*[KU] - Pointer to a character string specifying the system's hostname.
size_t[K] - Length of the character string specified by name.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobe + Kretprobe
To record system calls and argument passing information.
Example Use Case¶
The sethostname() system call can be used to set the hostname of a system. This can be useful in cloud environments, where automated scripts can set hostnames based on the environment they're running in.
The sethostname() call does not verify the hostname given to it. This can be a security issue if an attacker is able to manipulate the parameters being passed.
To mitigate this, it is important to always verify the hostname being passed to the sethostname() call.
- gethostname() - retrieve the system's hostname.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.