Portably preventing file race attacks with user-mode path resolution Academic Article uri icon

abstract

  • Page 1. Storage Developer Conference 2008 © 2008 IBM. All Rights Reserved. www.storage-developer.org Portably Preventing File Race Attacks with User-Mode Path Resolution IBM Research Dan Tsafrir Microsoft Research Tomer Hertz UC Berkeley David Wagner IBM Research dilmasilva@us.ibm.com Dilma Da Silva Page 2. Storage Developer Conference 2008 © 2008 IBM. All Rights Reserved. www.storage-developer.org ❒ Given a “check use” pair of file operations: TOCTTOU (Time Of Check To Time Of Use) 1) Check something about filename “f” 2) Based on the result, use “f” in some way • A TOCTTOU race condition lurks here Page 3. Storage Developer Conference 2008 © 2008 IBM. All Rights Reserved. www.storage-developer. org Example 1: garbage collector root unlink ( /tmp/etc/passwd ) readdir ( /tmp ) lstat ( /tmp/etc ) readdir ( /tmp/etc ) lstat ( /tmp/etc/passwd ) attacker mkdir ( /tmp/etc ) …

publication date

  • June 1, 2008