Race Conditions

• Expose a window of vulnerability
• Time of check different from time of use (TOCTOU) and not an atomic operation
• Vulnerable:
  • System objects (e.g. files) accessed across system calls (not atomic operations)
  • Program objects (e.g. variables) in multithreaded programs
• Example:

  if (can_access(file))
  	/* Window of vulnerability */
  	write_new_conents(file)
  

  The attacker can:

  $ touch my_file
  $ privileged_program my_file & 
  $ rm my_file 			# Must be executed within the window
  $ ln -s /etc/passwd my_file	# Must be executed within the window
  

• Countermeasures:
  • Use atomic operations (e.g. open/rename can create/rename a file or fail if the target file exists)
  • Use locking in multithreaded programs (e.g. synchronized in Java code)

• PreviousWindows Access Control
• Contents
• NextProblematic APIs

 Last change: Friday, July 4, 2003 2:19 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.