Winning the race against TOCTOU vulnerabilities in C & C++ -- Ann G. Campbell

Save to:
Instapaper Pocket Readability

Researchers were surprised to find that their Time of Check to Time of Use (TOCTOU) attack succeeded 85% of the time, even when the critical operations were "separated only by a few milliseconds."

To better understand this vunlerability and what you can do, read:

Winning the race against TOCTOU vulnerabilities in C & C++

by G. Ann Campbell

From the article:

With TOCTOU, the idea is that there's a window of opportunity between when a privileged program checks a file (Does the file exist? Are permissions okay for what we're about to do? …)  and when it operates on that file (Create the file. Write to the file. …). In that window, an attacker could replace the file with e.g. a symlink to `/etc/passwd`, and the operation you meant to perform on `/home/ann/tmp` happens to an important system file instead.

Add a Comment

You must sign in or register to add a comment.

Comments (0)

There are currently no comments on this entry.