Time of Check to Time of Use

Time of check to time of use (TOCTTOU) is a race condition that affects software. While you read, pay attention to the mechanics of a TOCTTOU attack as provided in the attack examples. Remember the most common platform where you might find a TOCTTOU bug. What methods can be used to prevent TOCTTOU from occurring in UNIX and in Microsoft Windows?

1. Introduction

In software development, time of check to time of use (TOCTTOU or TOCTOU, pronounced "TOCK too") is a class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. This is one example of a race condition.

A simple example is as follows: Consider a Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form which can be used to alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since editing has already begun, when the user submits the form, those edits (which have already been made) are accepted. When the user began editing,the appropriate authorization was checked, and the user was indeed allowed to edit. However, the authorization was used later, at a time when edits should no longer have been allowed. 

TOCTTOU race conditions are most common in Unix between operations on the file system, but can occur in other contexts, including local sockets and improper use of database transactions. In the early 1990s, the mail utility of BSD 4.3 UNIX had an exploitable race condition for temporary files because it used the mktemp() C library function. Early versions of Open SSH had an exploitable race condition for Unix domain sockets.

Source: https://web.cecs.pdx.edu/~markem/CS333/handouts/tocttou.pdf
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.