Revision as of 21:54, 5 December 2020 edit Evilninja (talk \| contribs) Extended confirmed users, IP block exemptions 1,812 edits m https everywhere! ← Previous edit		Revision as of 21:17, 7 December 2020 edit undo Davemck (talk \| contribs) Extended confirmed users 135,345 edits m Clean up duplicate template arguments using findargdups Next edit →
Line 112: \| last3=Johnson \| first3=Rob ~~\| date=2009-03-06~~ \| title=Exploiting Unix File-System Races via Algorithmic Complexity Attacks \| work=Proceedings of the [[IEEE]] Symposium on Security and Privacy \| url=https://www3.cs.stonybrook.edu/~rob/papers/races2.pdf \| ___location=Berkeley, CA \| date=May 2009 \| doi=10.1109/SP.2009.10 }}</ref> In both cases, the attacker manipulates the OS state to control scheduling of the victim. File system mazes force the victim to read a directory entry that is not in the OS cache, and the OS puts the victim to sleep while it is reading the directory from disk. Algorithmic complexity attacks force the victim to spend its entire scheduling quantum inside a single system call traversing the kernel's hash table of cached file names. The attacker creates a very large number of files with names that hash to the same value as the file the victim will look up.

Time-of-check to time-of-use: Difference between revisions