Wikipedia

Time-of-check to time-of-use: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Line 45:
|}
 
In this example, an attacker can exploit the race condition between the access and open to trick the setuid victim into overwriting an entry in the system password database. TOCTTOU races can be used for [[privilege escalation]], to get administrative access to a machine.
 
Although this sequence of events requires precise timing, it is possible for an attacker to arrange such conditions without too much difficulty.
Retrieved from "https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use"