Fixing races for fun and profit: how to abuse atime

Authors:
Nikita Borisov;Rob Johnson;Naveen Sastry;David Wagner
Affiliations:
University of California, Berkeley;University of California, Berkeley;University of California, Berkeley;University of California, Berkeley
Venue:
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Year:
2005

Citing 7
Cited 9

Experience with transactions in QuickSilver

SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Setuid Demystified

Proceedings of the 11th USENIX Security Symposium
Secure Applications Need Flexible Operating Systems

HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Noninterference and Intrusion Detection

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
The Confused Deputy: (or why capabilities might have been invented)

ACM SIGOPS Operating Systems Review
Dynamic detection and prevention of race conditions in file accesses

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Fixing races for fun and profit: how to use access(2)

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Secretly monopolizing the CPU without superuser privileges

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Portably solving file TOCTTOU races with hardness amplification

FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Portably solving file races with hardness amplification

ACM Transactions on Storage (TOS)
On Race Vulnerabilities in Web Applications

DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Dynamic optimization for efficient strong atomicity

Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Operating System Transactions

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Protecting applications against TOCTTOU races by user-space caching of file metadata

VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries

Proceedings of the 2012 workshop on New security paradigms
Process firewalls: protecting processes during resource access

Proceedings of the 8th ACM European Conference on Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.