waitid - Wait for processes or process groups to change state
waitid allows the caller to block until one of its child processes changes state, or until a signal caught by the caller is delivered. The caller may request information about the child process on which it blocked, its status and its resource usage data. If a process group ID is given instead of a process ID, waitid will wait for any member of the given process group to change state.
Because of time-of-check to time-of-use (TOCTOU) issues, race conditions and similar problems, waitid should be used carefully: the process changing state may not be the one expected, and other issues may arise.
- int[K] - Type of ID to wait for. It can be
- pid_t[K] - Process or process group ID.
- struct siginfo*[U] - Const pointer to a siginfo_t struct. If non-NULL, the status of the child process will be stored there.
- int[K] - Value can have the WNOHANG flag set, amongst others.
- struct rusage*[U] - Pointer to a rusage_t structure. If non-NULL, the resource usage data of the process on which it blocked will be stored there.
- K - Originated from kernel-space.
- U - Originated from user space (for example, a pointer to user-space memory used to get it).
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Trace when a waitid syscall is executed.
Example Use Case
waitid can be used when a child process must complete a certain task before continuing execution. The calling process can wait for the child to change its state using waitid, for example when the child terminates.
Due to TOCTOU-like issues, waitid should be used with extra care as the process changing state may not be the one expected.
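An added example, not taken from the Tracee documentation or source: one way to follow the use case and the caution above in C, by waiting on a single PID and confirming which process changed state before trusting its status. The helper names check_child and run_gated_child and the pipe-gated child are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 = child exited (*status set), 0 = still running,
 * -1 = error or a state change other than the one expected. */
static int check_child(pid_t child, int options, int *status)
{
    siginfo_t info;
    int rc;
    do {
        /* Zero first: with WNOHANG and no state change, waitid() returns 0
         * and si_pid stays 0, the only sign that nothing happened. */
        memset(&info, 0, sizeof(info));
        rc = waitid(P_PID, (id_t)child, &info, WEXITED | options);
    } while (rc == -1 && errno == EINTR); /* retry after a caught signal */
    if (rc == -1)
        return -1;
    if (info.si_pid == 0)
        return 0;
    /* Confirm who changed state, and how, before trusting si_status. */
    if (info.si_pid != child || info.si_code != CLD_EXITED)
        return -1;
    *status = info.si_status;
    return 1;
}

/* Constructed scenario: the child blocks on a pipe until released. */
int run_gated_child(int code)
{
    int gate[2], status = -1;
    char byte;
    pid_t child;
    if (pipe(gate) != 0 || (child = fork()) < 0)
        return -1;
    if (child == 0) {
        close(gate[1]);
        _exit(read(gate[0], &byte, 1) == 0 ? code : 127); /* EOF = released */
    }
    close(gate[0]);
    if (check_child(child, WNOHANG, &status) != 0) /* must still be running */
        return -1;
    close(gate[1]); /* release the child */
    return check_child(child, 0, &status) == 1 ? status : -1;
}

int main(void) { return run_gated_child(7) == 7 ? 0 : 1; }
```

Using P_PID rather than a process group or P_ALL narrows the wait to one child, and the si_pid and si_code checks reject a report that is not that child's normal exit.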
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.