chown¶

Intro¶

chown - change the owner and group of a file.

Description¶

The chown() system call is used to change the owner and group of a specified file or directory, determined by the parameter pathname. The new owner and group are specified by the owner and group arguments respectively.

Arguments¶

pathname:const char*[U,TOCTOU] - Path to the file or directory whose owner and group are to be changed.
owner:uid_t[K] - User identifier of the new owner.
group:gid_t[K] - Group identifier of the new group.

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space.
TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
OPT - Optional argument - might not always be available (passed with null value).

Hooks¶

sys_chown¶

Type¶

Tracepoint (through sys_enter).

Purpose¶

To observe and trace when the chown() system call is performed, collecting information about the file or directory, and the new owner and group.

Example Use Case¶

Monitoring changes in file or directory ownership in a system, especially when dealing with sensitive or critical files and directories.

Issues¶

The chown() system call can be subjected to TOCTOU issues, where the file or directory specified by pathname could be changed between the time of check and the time of use, leading to potential security risks.

Using fchownat() deals with the symlink situation, removing the TOCTOU issue in that case.

fchown()
fchownat()
lchown()

This document was automatically generated by OpenAI and reviewed by a Human.