Skip to main content
USENIX
  • Conferences
  • Students
Sign in

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home ยป Fixing Races for Fun and Profit: How to Abuse atime
Tweet

connect with us

Fixing Races for Fun and Profit: How to Abuse atime

Abstract: 

Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.

Nikita Borisov, University of California, Berkeley

Rob Johnson, University of California, Berkeley

Links

Paper (HTML): 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/boriso...
Paper: 
http://usenix.org/publications/library/proceedings/sec05/tech/full_papers/boriso...
  • Log in or    Register to post comments

© USENIX

  • Privacy Policy
  • Conference Policies
  • Contact Us