|
In [[Computer Security]], aA '''time-of-check-to-time-of-use bug''' ('''TOCTTOU''' − pronounced "TOCK too") is a [[Softwaresoftware bug|bug]] iscaused by changes in a specificsystem typebetween the ''checking'' of [[racea condition]] that(such existsas ina security-conscious [[software]],credential) leadingand tothe ''use'' of the results of that check. It is a kind of [[securityrace vulnerabilitycondition]].
A simple example is as follows: Consider a Web application that allows a user to edit pages, but allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form by which they can alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since the user has already begun editing, when they submit the form, their edits are accepted. When the user began editing, their authorization was ''checked'', and they were indeed allowed to edit. However, the authorization was ''used'' later, after they should no longer have been allowed.
The race condition exists between the ''time of check'' of a property, and the ''time of use'' of said property.
== Example ==
Suppose Mallet, a malicious Wikipedia visitor, wished to [[Web site defacement|deface]] the Wikipedia [[Main Page]]. The Main Page and all images on it are normally [[Wikipedia:Protected_page|protected from modification]] by non-administrators to prevent precisely this kind of [[Wikipedia:Vandalism|vandalism]].
Mallet proposes some article ''A'' as a [[featured article]], so that a blurb of article ''A'' will appear on the Main Page. If the article text itself contained suspicious material, it would immediately be noticed, so what Mallet intends to do is arrange for the image to be not locked.
Consider this hypothetical model for the process for including an article ''A'' on the Main Page:
# Check that images in ''A'' are locked.
# Copy first paragraph of current version of ''A'' to Main Page, and include the linked image.
Article ''A'' normally shows an image I.jpg. If Mallet could modify article ''A'' exactly between steps 1 and 2 so that the image pointed instead to I1.jpg, an initially identical looking image, then initially the Main Page would look fine. But in fact Mallet has engineered an unlocked image onto the Main Page. He is now free to change the image at will while it is displayed on the Main Page.
This would be a ''time-of-check-to-time-of-use'' error in the featured article inclusion process. The solution in this case would be for step 2 to copy the same version of ''A'' that step 1 looked at.
== ''access'' Example ==
| 