Secure Software Design - Race Conditions

Question 1

What is a race condition?

Answer 1

A situation where a program’s output depends on the timing of uncontrollable events.

Question 2

Fill in the blank: Race conditions often occur due to ______ in resource handling timing.

Answer 2

Gaps

Question 3

Explain the Time-of-Check to Time-of-Use (TOCTOU) vulnerability.

Answer 3

A race condition where attackers exploit the time gap between checking a resource and using it to manipulate access or data.

Question 4

What is a common exploit method for TOCTOU attacks?

Answer 4

Changing file links or permissions between the check and use stages, like using symbolic links.

Question 5

Describe an example of a TOCTOU attack using a symbolic link.

Answer 5

An attacker changes a file from a safe location (e.g., /tmp/xxx) to a symbolic link pointing to /etc/passwd during the access gap.

Question 6

Why are atomic operations important in preventing TOCTOU attacks?

Answer 6

They make check-and-use inseparable, eliminating the timing gap that allows race conditions.

Question 7

Fill in the blank: TOCTOU vulnerabilities are commonly mitigated by making operations ______.

Answer 7

Atomic

Question 8

What is the Dirty COW vulnerability?

Answer 8

A Linux kernel race condition that exploits Copy-On-Write behavior in memory mapping, allowing unauthorized file modification.

Question 9

How does the Dirty COW exploit Copy-On-Write?

Answer 9

It uses a race condition between memory management operations to write directly to a supposedly read-only file.

Question 10

Give an example of the target file for a Dirty COW attack.

Answer 10

The /etc/passwd file, which controls user privileges.

Question 11

Fill in the blank: Dirty COW attacks leverage the timing gap in the ______ process of memory mapping.

Answer 11

Copy-On-Write (COW)

Question 12

What is the purpose of using MAP_SHARED in memory mapping?

Answer 12

It allows multiple processes to share updates to the same physical memory, making changes immediately visible.

Question 13

How does the MAP_PRIVATE option in mmap differ from MAP_SHARED?

Answer 13

MAP_PRIVATE creates a private copy when a process writes, so changes aren’t visible to other processes.

Question 14

Explain the function of madvise with MADV_DONTNEED in Dirty COW attacks.

Answer 14

It discards the private copy of mapped memory, forcing access back to the original physical memory.

Question 15

Fill in the blank: The principle of ______ recommends minimizing program privileges to what is necessary for the task.

Answer 15

Least privilege

Question 16

Why is the principle of least privilege critical in mitigating race condition risks?

Answer 16

It limits the level of access a program has, reducing the impact of potential race condition exploits.

Question 17

List one system setting that helps prevent symbolic link TOCTOU attacks.

Answer 17

Sticky symlink protection in world-writable directories like /tmp.

Question 18

Explain sticky symlink protection.

Answer 18

This protection prevents symbolic links in world-writable directories from being followed if they’re owned by different users.

Question 19

What does ‘repeated checks’ mean as a race condition countermeasure?

Answer 19

Performing multiple checks on a resource and verifying consistency to reduce the chance of a race condition.

Question 20

Fill in the blank: The ______ option with O_CREAT in the open() function prevents TOCTOU by ensuring atomic file creation.

Answer 20

O_EXCL

Question 21

How does comparing file inodes help detect race conditions?

Answer 21

It ensures that the file accessed remains the same throughout the operation, flagging inconsistencies if the file changes.

Question 22

Why is it important to patch the Linux kernel for vulnerabilities like Dirty COW?

Answer 22

Kernel patches fix race conditions and prevent attackers from exploiting timing gaps in critical operations.

Question 23

Describe how the principle of least privilege applies to file access in race conditions.

Answer 23

Programs should temporarily reduce privileges during non-critical operations to prevent unauthorized access.

Question 24

What is the purpose of using ‘sticky bits’ in directories like /tmp?

Answer 24

They prevent users from modifying or deleting each other’s files, reducing the risk of race conditions in shared directories.

Question 25

Fill in the blank: Atomic operations are crucial for preventing ______ in TOCTOU vulnerabilities.

Answer 25

Timing gaps or windows

Question 26

Why is it important to use absolute paths in security-sensitive programs?

Answer 26

Using absolute paths ensures consistent file access and prevents path manipulation by attackers.

Question 27

Explain the use of the MAP_SHARED option in inter-process communication.

Answer 27

It allows processes to share and immediately see each other’s changes in a mapped memory region.

Question 28

What is the risk of using MAP_PRIVATE without understanding Copy-On-Write?

Answer 28

Changes are isolated to a private copy, but a race condition can still manipulate memory before the copy occurs.

Question 29

Describe an attack method that involves both memory mapping and symbolic links.

Answer 29

An attacker could map memory and use symbolic links to redirect operations to privileged files during a race condition.

Question 30

What role does memory mapping play in the Dirty COW vulnerability?

Answer 30

It allows unauthorized memory writes by exploiting timing gaps in the Copy-On-Write process.