Fixing races for fun and profit: how to use access(2)

  • Authors:
  • Drew Dean;Alan J. Hu

  • Affiliations:
  • Computer Science Laboratory, SRI International;Dept. of Computer Science, University of British Columbia

  • Venue:
  • SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
  • Year:
  • 2004

Quantified Score

Hi-index 0.00

Visualization

Abstract

It is well known that it is insecure to use the access(2) system call in a setuid program to test for the ability of the program's executor to access a file before opening said file. Although the access(2) call appears to have been designed exactly for this use, such use is vulnerable to a race condition. This race condition is a classic example of a time-of-check-to-time-of-use (TOCTTOU) problem. We prove the "folk theorem" that no portable, deterministic solution exists without changes to the system call interface, we present a probabilistic solution, and we examine the effect of increasing CPU speeds on the exploitability of the attack.