Time of check to time of use (TOCTTOU) vulnerabilities exist due to race conditions arising from an invalid assumption: That nothing affecting the validity of a security assertion changes between the time it is checked and the time an operation that depends on that assertion is performed. In fact, it is quite possible that the security of the environment changes with respect to the assertion during this interval. If these changes are cleverly timed and orchestrated, the operation may result in a security breach. This paper characterizes this particular category of security vulnerabilities, describes various types of TOCTTOUs and particular situations in which they have arisen historically, and presents a short set of guidelines for reducing or eliminating these flaws.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
