TY - CONF
T1 - Fixing races for fun and profit
T2 - 14th USENIX Security Symposium
AU - Borisov, Nikita
AU - Johnson, Rob
AU - Sastry, Naveen
AU - Wagner, David
N1 - Funding Information:
We would like to thank Davd Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this p p .r This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service.
Funding Information:
We would like to thank David Molnar and the anonymous reviewers for their insightful comments and our shepherd, Eu-Jin Goh, for his help in preparing the final version of this paper. This work was supported in part by the NSF under grants CCR-0093337 and CCF-0430585 and by the US Postal Service.
Publisher Copyright:
© 2005 USENIX Association. All rights reserved.
PY - 2005
Y1 - 2005
N2 - Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.
AB - Dean and Hu proposed a probabilistic countermeasure to the classic access(2)/open(2) TOCTTOU race condition in privileged Unix programs [4]. In this paper, we describe an attack that succeeds with very high probability against their countermeasure. We then consider a stronger randomized variant of their defense and show that it, too, is broken. We conclude that access(2) must never be used in privileged Unix programs. The tools we develop can be used to attack other filesystem races, underscoring the importance of avoiding such races in secure software.
UR - http://www.scopus.com/inward/record.url?scp=36048930400&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=36048930400&partnerID=8YFLogxK
M3 - Paper
AN - SCOPUS:36048930400
SP - 303
EP - 314
Y2 - 31 July 2005 through 5 August 2005
ER -