Time-of-check to time-of-use: Difference between revisions

m Reverting possible vandalism by 2806:105E:15:4B59:282E:A40E:4009:3C to version by Rlink2. Report False Positive? Thanks, ClueBot NG. (4091311) (Bot)
Line 89:
Exploiting a TOCTOU race condition requires precise timing to ensure that the attacker's operations interleave properly with the victim's. In the example above, the attacker must execute the <code>symlink</code> system call precisely between the <code>access</code> and <code>open</code>. For the most general attack, the attacker must be scheduled for execution after each operation by the victim, also known as "single-stepping" the victim.
 
In the case of BSD 4.3 mail utility and <code>mktemp()</code>,<ref name="mktemp"/> the attacker can simply keep launching mail utility in one process, and keep guessing the temporary file names and keep making symlinks in another process. The attack can usually succeed in less than one minute.
 
Techniques for single-stepping a victim program include file system mazes<ref>{{cite journal
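Review bot: in the BSD 4.3 / <code>mktemp()</code> paragraph of this hunk, the claim "The attack can usually succeed in less than one minute" has no citation of its own; the only reference, <ref name="mktemp"/>, is attached to <code>mktemp()</code> in the preceding sentence. If that source supports the timing figure, repeat the named ref after the final sentence; otherwise mark the claim as needing a citation. The same paragraph also drops the article twice ("of BSD 4.3 mail utility", "launching mail utility"); "the mail utility" would read better in both places.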