Fix grammatical errors.
databases too
Line 3:
A simple example is as follows: Consider a Web application that allows a user to edit pages, but allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form by which he can alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since the user has already begun editing, when he submits the form, his edits are accepted. When the user began editing, his authorization was ''checked'', and he was indeed allowed to edit. However, the authorization was ''used'' later, after he should no longer have been allowed.
TOCTTOU race conditions are most common in UNIX file systems, specifically between operations on [[File system#Metadata | File system]], but can occur in other contexts, including local sockets and improper use of [[Database transaction | Database transactions]]. Early versions of OpenSSH had an exploitable race condition for UNIX ___domain sockets<ref>Steve Acheson; [http://www.employees.org/~satch/ssh/faq/TheWholeSSHFAQ.html SSH FAQ].</ref>.
== ''access'' Example ==
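Review bot: In the second paragraph, the piped links "[[File system#Metadata | File system]]" and "[[Database transaction | Database transactions]]" render capitalized mid-sentence, and the first drops the article and hides that it targets the Metadata section, so the sentence reads "between operations on File system". Suggest "the [[File system#Metadata|file system]]" and "[[database transaction]]s". In the same paragraph, "UNIX ___domain sockets" carries stray underscores and should read "UNIX domain sockets", and the <ref> for the SSH FAQ should follow the closing period rather than precede it.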