Time-of-check to time-of-use: Difference between revisions

Citation bot (talk | contribs)
Alter: template type. Add: s2cid, isbn, pages, journal, author pars. 1-1. Removed parameters. Formatted dashes. Some additions/deletions were actually parameter name changes. Upgrade ISBN10 to ISBN13. | You can use this bot yourself. Report bugs here. | Suggested by AManWithNoPlan | All pages linked from cached copy of User:AManWithNoPlan/sandbox2 | via #UCB_webform_linked 2945/3332
Line 4:
| url=https://www.usenix.org/conference/fast-05/tocttou-vulnerabilities-unix-style-file-systems-anatomical-study
| title=TOCTTOU Vulnerabilities in UNIX-Style File Systems: An Anatomical Study
| lastlast1=Wei
| firstfirst1=Jinpeng
| last2=Pu
| first2=Calton
Line 31:
| url-status=dead
| archiveurl=https://web.archive.org/web/20170213004928/http://www.employees.org/~satch/ssh/faq/TheWholeSSHFAQ.html
| archivedate=2017-02-13 }}</ref> They remain a problem in modern systems; as of 2019, a TOCTOU race condition in [[Docker (software)|Docker]] allows root access to the filesystem of the host platform.<ref>{{Cite weweb
| url=https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
| title=Docker Bug Allows Root Access to Host File System
Line 107:
| volume=14
| pages=303–314
| citeseerx=10.1.1.117.7757 }}</ref> and algorithmic complexity attacks.<ref>{{cite webjournal
| author1=Xiang Cai
| author2=Yuwei Gui
Line 113:
| first3=Rob
| title=Exploiting Unix File-System Races via Algorithmic Complexity Attacks
| workjournal=Proceedings of the [[IEEE]] Symposium on Security and Privacy
| url=https://www3.cs.stonybrook.edu/~rob/papers/races2.pdf
| ___location=Berkeley, CA
| date=May 2009
| pages=27–41
| doi=10.1109/SP.2009.10
| isbn=978-0-7695-3633-0
| s2cid=6393789
}}</ref> In both cases, the attacker manipulates the OS state to control scheduling of the victim.
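Review bot: In the hunk at line 113, the `journal` parameter now carries "Proceedings of the [[IEEE]] Symposium on Security and Privacy", which names a conference proceedings volume rather than a journal, and the same entry has an `isbn` and a `date=May 2009` that fit a proceedings book. A conference citation template, with the proceedings given as the book title, would describe this source more accurately than the journal form the template was switched to in the preceding hunk.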