→Preventing TOCTTOU: EAFP |
Thumperward (talk | contribs) →Preventing TOCTTOU: tag |
Line 62:
== Preventing TOCTTOU ==
Despite conceptual simplicity, TOCTTOU race conditions are difficult to avoid and eliminate. One general technique is to use [[exception handling]] instead of checking, under the philosophy of [[EAFP]] "It is easier to ask for forgiveness than permission" rather than LBYL "look before you leap" – in this case there is no check, and failure of assumptions to hold are detected at use time, by an exception.{{or}}
In the context of file system TOCTTOU race conditions, the fundamental challenge is ensuring that the file system cannot be changed between two system calls. In 2004, an impossibility result was published, showing that there was no portable, deterministic technique for avoiding TOCTTOU race conditions.<ref>[http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.8647 Dean, Drew; and Hu, Alan J.; 2004; ''Fixing races for fun and profit: How to use access(2)''; Proceedings of the 13th USENIX Security Symposium, San Diego (CA), August 9–13, 2004, pp. 195–206]</ref>
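Review bot: The EAFP sentence in the first paragraph carries only an {{or}} tag and no <ref>, while the second paragraph cites Dean and Hu for its impossibility result; either source the EAFP claim or trim it to what a citation supports. In the same sentence, "failure of assumptions to hold are detected" should read "is detected", and LBYL is left unlinked where EAFP is wikilinked. It would also help to say how "there is no check" relates to the next paragraph, which frames the problem as keeping the file system unchanged between two system calls and then reports that no portable, deterministic technique exists; as written the reader is offered a general technique and immediately told none is available.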