4th USENIX Conference on File and Storage TechnologiesAbstract
Pp. 155167 of the Proceedings
TOCTTOU Vulnerabilities in UNIX-Style File Systems: An Anatomical Study
Jinpeng Wei and Calton Pu, Georgia Institute of Technology
To Time of Use (TOCTTOU) vulnerabilities in Unix-style
file systems (e.g., Linux) are difficult to find and
prevent. We describe a comprehensive model of
TOCTTOU vulnerabilities, enumerating 224 file system
call pairs that may lead to successful TOCTTOU
attacks. Based on this model, we built kernel monitoring
tools that confirmed known vulnerabilities and discovered
new ones (in often-used system utilities such
as rpm, vi, and emacs). We evaluated the probability of
successfully exploiting these newly discovered vulnerabilities
and analyzed in detail the system events during
such attacks. Our performance evaluation shows
that the dynamic monitoring of system calls introduces
non-negligible overhead in microbenchmark of those
file system calls, but their impact on application
benchmarks such as Andrew and PostMark is only a
- View the full text of this paper in <!~~ CHANGE ~~>HTML and PDF.
<!~~ CHANGE ~~>
Until December 2006, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2005 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.