CWE --- Time-of-check Time-of-use (TOCTOU) examples and mitigation
Source: Internet  Posted by: 五分彩计划软件  Editor: 程序博客网  Time: 2024/05/17 01:35
Original URL: https://cwe.mitre.org/data/definitions/367.html
Example 1
The following code checks a file, then updates its contents.
Potentially the file could have been updated between the time of the check and the lstat, especially since the printf has latency.
Example 2
The following code is from a program installed setuid root. The program performs certain file operations on behalf of non-privileged users, and uses access checks to ensure that it does not use its root privileges to perform operations that should otherwise be unavailable to the current user. The program uses the access() system call to check if the person running the program has permission to access the specified file before it opens the file and performs the necessary operations.
The call to access() behaves as expected, and returns 0 if the user running the program has the necessary permissions to write to the file, and -1 otherwise. However, because both access() and fopen() operate on filenames rather than on file handles, there is no guarantee that the file variable still refers to the same file on disk when it is passed to fopen() that it did when it was passed to access(). If an attacker replaces file after the call to access() with a symbolic link to a different file, the program will use its root privileges to operate on the file even if it is a file that the attacker would otherwise be unable to modify. By tricking the program into performing an operation that would otherwise be impermissible, the attacker has gained elevated privileges. This type of vulnerability is not limited to programs with root privileges. If the application is capable of performing any operation that the attacker would not otherwise be allowed to perform, then it is a possible target.
Example 3
This code prints the contents of a file if a user has permission.
This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778).
Mitigation:
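As an added example (not code from the CWE page or this blog), the access()/fopen() check-then-use pattern from Example 2 is shown next to a descriptor-based rewrite that removes the window: open the path once with O_NOFOLLOW, then check and write through the file descriptor so the check and the use refer to the same inode. The function names append_unsafe, append_safe and demo_toctou are chosen here, and the demo creates its own constructed files under /tmp.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable shape from Example 2: check by name with access(), then open by name.
 * The path is resolved twice, so it can point at a different file the second time. */
int append_unsafe(const char *path, const char *msg) {
    if (access(path, W_OK) != 0) return -1;   /* time of check */
    FILE *f = fopen(path, "a");               /* time of use: path resolved again */
    if (!f) return -1;
    fputs(msg, f);
    fclose(f);
    return 0;
}

/* Hardened: open once, refusing symlinks, then check and write through the descriptor;
 * fstat() describes the object actually opened. `caller` is the real uid acted for. */
int append_safe(const char *path, const char *msg, uid_t caller) {
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0) return -1;                    /* symlink (ELOOP) or missing: refuse */
    struct stat sb;
    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode) || sb.st_uid != caller) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* Constructed scenario, no privileges needed: a regular file the caller owns plus a
 * symlink to it. Returns 1 when the name-based version follows the link while the
 * descriptor-based version refuses the link and still accepts the real file. */
int demo_toctou(void) {
    char target[] = "/tmp/toctou_target_XXXXXX", lnk[64];
    int fd = mkstemp(target);
    if (fd < 0) return 0;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", target);
    if (symlink(target, lnk) != 0) { unlink(target); return 0; }
    int unsafe = append_unsafe(lnk, "via name\n");           /* 0: followed the link */
    int safe   = append_safe(lnk, "via fd\n", getuid());     /* -1: refused */
    int direct = append_safe(target, "via fd\n", getuid());  /* 0: real file, owner ok */
    unlink(lnk); unlink(target);
    return unsafe == 0 && safe == -1 && direct == 0;
}
```

In a real setuid program the stronger fix is to drop to the caller's real uid before the open() so the kernel performs the permission check at the time of use; the descriptor checks above are the fallback when that is not possible.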