Revision as of 09:22, 30 May 2019 edit The Anome (talk \| contribs) Edit filter managers, Administrators 260,126 edits →Preventing TOCTOU: transactions Tag: 2017 wikitext editor ← Previous edit		Revision as of 17:02, 30 May 2019 edit undo The Anome (talk \| contribs) Edit filter managers, Administrators 260,126 edits →Preventing TOCTOU: fmt Tag: Visual edit Next edit →
Line 65: == Preventing TOCTOU == Despite conceptual simplicity, TOCTOU race conditions are difficult to avoid and eliminate. One general technique is to use [[exception handling]] instead of checking, under the philosophy of ~~'''~~EAFP~~'''~~ – "It is easier to ask for forgiveness than permission" rather than ~~'''~~LBYL~~'''~~ – "look before you leap" – in this case there is no check, and failure of assumptions to hold are detected at use time, by an exception.<ref>{{cite book \|last=Martelli \|first=Alex \|authorlink=Alex Martelli \|year=2006 \|title=Python in a Nutshell \|edition=2nd \|chapter=Chapter 6: Exceptions \|publisher=[[O'Reilly Media]] \|isbn=978-0-596-10046-9 \|page=134}}</ref> In the context of file system TOCTOU race conditions, the fundamental challenge is ensuring that the file system cannot be changed between two system calls. In 2004, an impossibility result was published, showing that there was no portable, deterministic technique for avoiding TOCTOU race conditions.<ref>{{cite web \|last1=Dean \|first1=Drew \|last2=Hu \|first2=Alan J. \|year=2004 \|title=Fixing Races for Fun and Profit: How to use access(2) \|work=Proceedings of the 13th USENIX Security Symposium, San Diego (CA), August 9–13, 2004 \|pages=195–206 \|url=http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.83.8647}}</ref>

Time-of-check to time-of-use: Difference between revisions