timer_create - creates a per-process timer
timer_create() is a system call used to create a per-process timer that sends a signal when it expires. It is a function that creates a timer with a specified clock (
CLOCK_MONOTONIC_COARSE) and it accepts a
sigevent structure that has information about the signal that will be sent when the timer is triggered. The timer ID is returned in the
timer_t pointer that is one of the parameters of the syscall.
timer_create() syscall is useful for applications which need to be woken up at a particular time for a certain task. For example, a process can use
timer_create() to cause a signal to be sent when a certain amount of time has passed.
const clockid_t[K] - identifier of the clock to be used (realtime, monotonic etc...)
struct sigevent*[KU] - pointer to sigevent structure which includes information about the signal that will be sent when the timer expires.
timer_t[K] - pointer to the created timer´s ID.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
Trigger events when timer_create is executed
Example Use Case¶
For example, timer_create is used to set up asynchronous events to trigger a signal after a certain amount of time. This can be used in applications that need a certain action to be performed at a certain time, such as scheduling a task or sending an alert to the user after a certain amount of time.
The main problem with timer_create is that it is susceptible to Time of Check to Time of Use (TOCTOU) attacks. This means that the timer can be triggered before the desired time, thus allowing malicious actors to do their deed before the timer has expired.
timer_settime()- used to arm the timer created with
timer_delete()- used to delete a timer created with
timer_gettime()- used to get the remaining time of a timer created with
timer_getoverrun()- used to get the number of missed occurrences of the timer created with
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.