Time-of-check to time-of-use: Difference between revisions

Fixed File System link
Fixed Link again
A simple example is as follows: Consider a Web application that allows a user to edit pages, but allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form by which they can alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since the user has already begun editing, when they submit the form, their edits are accepted. When the user began editing, their authorization was ''checked'', and they were indeed allowed to edit. However, the authorization was ''used'' later, after they should no longer have been allowed.
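The page-locking scenario above, as an added example that is not part of the original article: a constructed in-memory wiki in which ''begin_edit'' performs the authorization check and hands out a form token, and two variants of ''submit'' either trust that earlier check (vulnerable) or re-validate it atomically with the write (fixed). The class and method names are assumptions made for this illustration.

```python
"""Constructed model of the page-locking TOCTTOU example.

The check (is the page editable?) happens when the edit form is issued;
the use (writing the new content) happens when the form is submitted.
Anything that changes in between, such as an administrator locking the
page, is invisible to a submit handler that trusts the earlier check.
"""
import threading
import uuid


class LockedError(PermissionError):
    """Raised when a user asks to edit a page an administrator has locked."""


class Wiki:
    def __init__(self):
        self._pages = {}       # title -> content
        self._locked = set()   # titles an administrator has locked
        self._sessions = {}    # edit token -> title being edited
        self._mutex = threading.Lock()

    def create(self, title, content):
        with self._mutex:
            self._pages[title] = content

    def admin_lock(self, title):
        with self._mutex:
            self._locked.add(title)

    def begin_edit(self, title):
        """Time of check: refuse locked pages, otherwise issue a form token."""
        with self._mutex:
            if title in self._locked:
                raise LockedError(title)
            token = uuid.uuid4().hex
            self._sessions[token] = title
            return token

    def submit_vulnerable(self, token, content):
        """Time of use that trusts the check made at begin_edit.

        A lock applied after the form was issued is never consulted, so the
        edit is accepted even though the user is no longer authorized.
        """
        with self._mutex:
            title = self._sessions.pop(token)
            self._pages[title] = content
            return True

    def submit_fixed(self, token, content):
        """Time of use that repeats the authorization check under the same
        mutex as the write, so no lock can slip in between check and use."""
        with self._mutex:
            title = self._sessions.pop(token)
            if title in self._locked:
                return False
            self._pages[title] = content
            return True

    def read(self, title):
        with self._mutex:
            return self._pages[title]


def race_scenario(fixed):
    """Replay the article's sequence: user starts editing, admin locks,
    user submits. Returns (edit accepted?, final page content)."""
    wiki = Wiki()
    wiki.create("Policy", "original")
    token = wiki.begin_edit("Policy")   # user's authorization checked here
    wiki.admin_lock("Policy")           # administrator locks in the meantime
    submit = wiki.submit_fixed if fixed else wiki.submit_vulnerable
    accepted = submit(token, "tampered")
    return accepted, wiki.read("Policy")


if __name__ == "__main__":
    print("vulnerable:", race_scenario(fixed=False))
    print("fixed:     ", race_scenario(fixed=True))
```

The fix is not the mutex by itself but the placement of the check: authorization is decided at the moment the write happens, holding the same lock as the write, so the answer cannot go stale before it is used.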
 
TOCTTOU race conditions are most common in UNIX file systems, specifically between operations on [[File system#Metadata|file system metadata]], but can occur in other contexts, including local sockets. Early versions of OpenSSH had an exploitable race condition for UNIX domain sockets<ref>Steve Acheson; [http://www.employees.org/~satch/ssh/faq/TheWholeSSHFAQ.html SSH FAQ].</ref>.
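The file-system metadata case described above, as an added example that is not part of the original article: a constructed program that is meant to serve only regular files. The vulnerable version checks the metadata of a path name and then reopens the same name, so the name can be rebound to a different object in between; the fixed version opens first and inspects the metadata of the descriptor it actually holds. The ''between'' callback is a hook added here to make the race deterministic and stands in for the window an attacker would have to win; the file names are constructed for the demonstration.

```python
"""Constructed demonstration of a check-then-use race on file metadata.

Both functions intend to return the contents of `path` only if it is a
regular file (not a symbolic link). They differ in what the check is
bound to: the path name (racy) or the open descriptor (not racy).
"""
import os
import stat
import tempfile


def read_regular_file_vulnerable(path, between=lambda: None):
    """Check the name, then use the name: the binding may change in between."""
    st = os.lstat(path)                       # time of check: metadata of the name
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    between()                                 # window in which the name can be rebound
    with open(path, "rb") as f:               # time of use: the name is resolved again
        return f.read()


def read_regular_file_fixed(path, between=lambda: None):
    """Open first, then check the object that was actually opened.

    O_NOFOLLOW refuses to open a symlink at the final path component, and
    fstat() reports the metadata of the descriptor, so check and use refer
    to one and the same file system object.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:            # fdopen owns and closes the descriptor
        between()                             # rebinding the name no longer matters
        st = os.fstat(f.fileno())             # metadata of what we hold
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return f.read()


def demo(fixed):
    """Set up a public file and a secret file, then swap the public name for
    a symlink to the secret one inside the check-to-use window."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "w") as f:
            f.write("public")
        with open(secret, "w") as f:
            f.write("secret")

        def swap():
            os.remove(public)
            os.symlink(secret, public)

        reader = read_regular_file_fixed if fixed else read_regular_file_vulnerable
        return reader(public, between=swap).decode()


if __name__ == "__main__":
    print("vulnerable returns:", demo(fixed=False))   # contents of secret.txt
    print("fixed returns:     ", demo(fixed=True))    # contents of the original public.txt
```

The general rule this illustrates is to make the check and the use operate on the same handle rather than on a name that is looked up twice; on a path-based API there is no way to close the window, only to shrink it.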
 
== ''access'' Example ==