fchmod

Intro

fchmod - change the permissions of an open file.

Description

The fchmod() system call is used to change the permissions of an open file, specified by the file descriptor fd. Unlike chmod(), fchmod() operates on an open file descriptor, which eliminates certain race conditions that might occur when using chmod().
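The descriptor-based pattern described above, as an added example (not code from this page or from the project): open the path once, verify the object with fstat(), then call fchmod() on the same descriptor. The names set_mode_checked and demo are hypothetical, and the /tmp file and symlink are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: set `mode` on `path` only if it is a regular file
 * owned by `owner`. Returns 0 on success, -1 on refusal or error. */
int set_mode_checked(const char *path, uid_t owner, mode_t mode)
{
    struct stat st;
    int rc = -1;
    /* O_NOFOLLOW refuses a symlink as the final path component;
     * O_NONBLOCK avoids hanging if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the object behind the descriptor, not the path: the inode
     * verified here is the inode changed, even if `path` is replaced. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner)
        rc = fchmod(fd, mode & 07777);
    close(fd);
    return rc;
}

/* Constructed demo: a temp file plus a symlink to it. Returns 0 when the
 * file ends up 0640 and the request made through the symlink is refused. */
int demo(void)
{
    char file[] = "/tmp/fchmod_demo_XXXXXX", link[64];
    struct stat st;
    int fd = mkstemp(file), ok;
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) < 0) { unlink(file); return -1; }
    ok = set_mode_checked(file, geteuid(), 0640) == 0
      && set_mode_checked(link, geteuid(), 0600) == -1
      && stat(file, &st) == 0 && (st.st_mode & 07777) == 0640;
    unlink(link);
    unlink(file);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

O_NOFOLLOW only covers the last path component, so the fstat() check on the descriptor is what ties the permission change to the verified file.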

Arguments

  • fd:int[K] - File descriptor of the file whose permissions are to be changed.
  • mode:mode_t[K] - A bitmask of permission bits that will be used to set the new permissions.
      • `S_ISUID (04000)`: Set-user-ID (sets process effective user ID on `execve(2)`)
      • `S_ISGID (02000)`: Set-group-ID (sets process effective group ID on `execve(2)`; mandatory locking as described in `fcntl(2)`; takes a new file's group from parent directory as described in `chown(2)` and `mkdir(2)`)
      • `S_ISVTX (01000)`: Sticky bit (restricted deletion flag as described in `unlink(2)`)
      • `S_IRUSR (00400)`: Read by owner
      • `S_IWUSR (00200)`: Write by owner
      • `S_IXUSR (00100)`: Execute/search by owner ("search" applies for directories, allowing access to entries within)
      • `S_IRGRP (00040)`: Read by group
      • `S_IWGRP (00020)`: Write by group
      • `S_IXGRP (00010)`: Execute/search by group
      • `S_IROTH (00004)`: Read by others
      • `S_IWOTH (00002)`: Write by others
      • `S_IXOTH (00001)`: Execute/search by others

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space.
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument - might not always be available (passed with null value).

Hooks

sys_fchmod

Type

Tracepoint (through sys_enter).

Purpose

To observe and trace when the fchmod() system call is performed, collecting information about the file descriptor and the new permissions being set.

Example Use Case

Monitoring changes in file permissions in a system, especially when dealing with sensitive or critical files.

Issues

The fchmod() system call avoids some of the TOCTOU issues associated with chmod() by operating on an open file descriptor.

Related Events

  • chmod()
  • fchmodat()

This document was automatically generated by OpenAI and reviewed by a Human.