Security is an eternal race between the techniques and technologies of attackers and those of the defenders. Today, I'm proud to announce a step forward for defenders with a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long form as Time Of Check (to) Time Of Use.

With TOCTOU, the idea is that there's a window of opportunity between when a privileged program checks a file (Does the file exist? Are permissions okay for what we're about to do? …) and when it operates on that file (Create the file. Write to the file. …). In that window, an attacker could replace the file with, for example, a symlink to /etc/passwd, so the operation you meant to perform on /home/ann/tmp happens to an important system file instead.
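
The check-then-use window described above, shown as an added example that is not code from the original post or from the rule it announces. The vulnerable variant checks the path with lstat() and then opens the path; the hardened variant never checks the path at all, but opens with O_NOFOLLOW and inspects the descriptor it will actually write to. All function and file names (write_note_racy, write_note_safe, note.txt, target.txt, the scratch directory under /tmp) are invented for the illustration, and target.txt stands in for the /etc/passwd of the article.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* mkdtemp, lstat, symlink under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* --- Vulnerable pattern (CWE-367), split into its two halves --- */

/* The "check": does the path currently name a plain regular file? */
static int check_is_regular(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* The "use": open the path and write to it. open() follows symlinks, so it
 * writes to whatever the path resolves to *now*, not to what was checked. */
static int use_path(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

int write_note_racy(const char *path, const char *text)
{
    if (!check_is_regular(path)) return -1;  /* window opens here ... */
    return use_path(path, text);             /* ... and closes here    */
}

/* --- Hardened variant: no path-based check at all --- */
int write_note_safe(const char *path, const char *text)
{
    /* O_NOFOLLOW makes the kernel refuse (ELOOP) when the final component is
     * a symlink, atomically with the open, so there is no window to swap in. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Every further check is made on the descriptor we are about to write to,
     * and truncation happens only after it passes. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Read a small file and compare its contents (test helper). */
static int file_is(const char *path, const char *expected)
{
    char buf[64] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, expected) == 0;
}

/* Deterministic stand-in for the swap inside the window, so the effect can be
 * observed without a real race. Returns a bitmask:
 *   1  the racy halves wrote through the swapped-in symlink into target.txt
 *   2  write_note_safe refused the symlink with ELOOP and target.txt is intact
 *   4  write_note_safe still works on an ordinary regular file            */
int demo_toctou(void)
{
    char dir[] = "/tmp/toctou-demo-XXXXXX";    /* constructed scratch directory */
    if (mkdtemp(dir) == NULL) return -1;
    char note[128], target[128];
    snprintf(note, sizeof note, "%s/note.txt", dir);
    snprintf(target, sizeof target, "%s/target.txt", dir);
    if (use_path(target, "original") != 0 || use_path(note, "scratch") != 0) return -1;

    int result = 0;
    if (check_is_regular(note)) {               /* check passes: a regular file */
        unlink(note);                           /* the swap happens in the window */
        if (symlink(target, note) != 0) return -1;
        if (use_path(note, "overwritten") == 0 && file_is(target, "overwritten"))
            result |= 1;                        /* the use landed on target.txt */
    }
    errno = 0;
    if (write_note_safe(note, "x") == -1 && errno == ELOOP && file_is(target, "overwritten"))
        result |= 2;
    unlink(note);
    if (write_note_safe(note, "hello") == 0 && file_is(note, "hello"))
        result |= 4;

    unlink(note); unlink(target); rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_toctou();
    printf("demo result: %d (7 means all three observations held)\n", r);
    return r == 7 ? 0 : 1;
}
```

O_NOFOLLOW only covers the final path component; if a directory on the path can be replaced by an attacker, open the trusted directory once and use openat() with the resulting descriptor. The same principle applies to every check in the article's list: make it on the file descriptor (fstat, fchmod, fchown) rather than on the path.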

#security #c-and-cpp #sast

Winning the Race Against TOCTOU Vulnerabilities In C and C++