Fixing races for fun and profit: How to abuse atime

Nikita Borisov; Rob Johnson; Naveen Sastry; David Wagner

Fixing races for fun and profit: How to abuse atime

Nikita Borisov, Rob Johnson, Naveen Sastry, David Wagner

Research output: Contribution to conference › Paper › peer-review

Abstract

Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.

Original language	English (US)
Pages	303-314
Number of pages	12
State	Published - 2005
Externally published	Yes
Event	14th USENIX Security Symposium - Baltimore, United States Duration: Jul 31 2005 → Aug 5 2005

Conference

Conference	14th USENIX Security Symposium
Country/Territory	United States
City	Baltimore
Period	7/31/05 → 8/5/05

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Library availability

Discover UIUC Full Text

Cite this

@conference{13ab948ed6c240e3a07d5a0354883c39,

title = "Fixing races for fun and profit: How to abuse atime",

abstract = "Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.",

author = "Nikita Borisov and Rob Johnson and Naveen Sastry and David Wagner",

note = "Funding Information: We would like to thank Davd Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this p p .r This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service. Funding Information: We would like to thank David Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this paper. This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service. Publisher Copyright: {\textcopyright} 2005 USENIX Association. All rights reserved.; 14th USENIX Security Symposium ; Conference date: 31-07-2005 Through 05-08-2005",

year = "2005",

language = "English (US)",

pages = "303--314",

}

TY - CONF

T1 - Fixing races for fun and profit

T2 - 14th USENIX Security Symposium

AU - Borisov, Nikita

AU - Johnson, Rob

AU - Sastry, Naveen

AU - Wagner, David

N1 - Funding Information: We would like to thank Davd Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this p p .r This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service. Funding Information: We would like to thank David Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this paper. This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service. Publisher Copyright: © 2005 USENIX Association. All rights reserved.

PY - 2005

Y1 - 2005

N2 - Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.

AB - Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.

UR - http://www.scopus.com/inward/record.url?scp=36048930400&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=36048930400&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:36048930400

SP - 303

EP - 314

Y2 - 31 July 2005 through 5 August 2005

ER -

Fixing races for fun and profit: How to abuse atime

Abstract

Conference

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this