13 lines
1.1 KiB
Plaintext
13 lines
1.1 KiB
Plaintext
"Time Of Check to Time Of Use" (TOCTOU) vulnerabilities occur when an application:
|
|
|
|
* First, checks permissions or attributes of a file: for instance, is a file a symbolic link?
|
|
* Next, performs some operations such as writing data to this file.
|
|
|
|
The application cannot assume the state of the file is unchanged between these two steps, there is a race condition (ie: two different processes can access and modify the same shared object/file at the same time, which can lead to privilege escalation, denial of service and other unexpected results).
|
|
|
|
|
|
For instance, attackers can benefit from this situation by creating a symbolic link to a sensitive file directly after the first step (eg in Unix: ``++/etc/passwd++``) and try to elevate their privileges (eg: if the written data has the correct ``++/etc/passwd++`` file format).
|
|
|
|
|
|
To avoid TOCTOU vulnerabilities, one possible solution is to do a single atomic operation for the "check" and "use" actions, therefore removing the race condition window. Another possibility is to use file descriptors. This way the binding of the file descriptor to the file cannot be changed by a concurrent process.
|