Secure Software Design - Race Conditions Flashcards
What is a race condition?
A flaw in which a program's result depends on the relative timing of events it does not control (thread scheduling, another process, the kernel), so the same input can produce different, and sometimes unsafe, outcomes depending on who wins the race.
Fill in the blank: Race conditions often occur due to ______ in resource handling timing.
Gaps
Explain the Time-of-Check to Time-of-Use (TOCTOU) vulnerability.
A race condition in which a program checks a resource (a file's owner, permissions or type) and then acts on it in a separate step. An attacker who can change what the path refers to between the check and the use makes the program act on a different object than the one it validated.
What is a common exploit method for TOCTOU attacks?
Swapping the checked object between the check and the use, typically by replacing a file with a symbolic link (or a hard link) so that the later open() resolves to a different target, such as a file the attacker cannot otherwise write.
Describe an example of a TOCTOU attack using a symbolic link.
A privileged (setuid) program checks that /tmp/xxx is a plain file the user may write, then opens it by path. Between the two calls the attacker deletes /tmp/xxx and recreates it as a symbolic link to /etc/passwd; open() follows the link and the program writes to /etc/passwd with its elevated privileges.
Why are atomic operations important in preventing TOCTOU attacks?
They collapse the check and the use into a single operation on the same object, so there is no window in which the object can be swapped. In practice: open the file once and validate the returned descriptor with fstat(), use O_NOFOLLOW and openat() with a directory descriptor instead of re-resolving paths, or drop privileges before opening so the kernel's own permission check is the only check that matters.
Fill in the blank: TOCTOU vulnerabilities are commonly mitigated by making operations ______.
Atomic
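The symlink swap from the cards above, as an added example that is not part of the flashcard set. A vulnerable open (lstat() on the path, then open() on the path) is shown beside a hardened one (open() with O_NOFOLLOW, then fstat() on the descriptor). The attacker's swap is injected through a callback so the race outcome is deterministic; the fixture files "victim" and "secret", and every function name here, are this example's own constructions. It runs unprivileged on Linux.

```c
/* Added example (not from the flashcards): a TOCTOU window between lstat()
 * (the check) and open() (the use), beside a hardened version that checks the
 * opened descriptor instead of the path.  The attacker's swap is injected via
 * a callback so the race outcome is deterministic; all names here are this
 * example's own.  Linux/POSIX, runs unprivileged. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy: open only a regular file; never follow a symlink. */

/* VULNERABLE: check and use each resolve the *path*; what it names can change
 * in between, and open() happily follows whatever is there now. */
int toctou_open_vulnerable(const char *path, void (*race)(const char *)) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                        /* check: plain file, passes */
    if (race) race(path);                 /* attacker wins the window */
    return open(path, O_RDONLY);          /* use: follows the new symlink */
}

/* HARDENED: open first with O_NOFOLLOW (a symlink at the final component
 * fails with ELOOP), then validate the descriptor with fstat().  Check and
 * use now refer to the same inode, so there is nothing left to swap. */
int toctou_open_hardened(const char *path, void (*race)(const char *)) {
    if (race) race(path);                 /* swap may already have happened */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Demo fixture (constructed): "victim" is the plain file the program means to
 * open, "secret" stands in for /etc/passwd. */
static char g_dir[] = "/tmp/toctou-XXXXXX";
static char g_victim[64], g_secret[64];

static void swap_for_symlink(const char *path) {
    unlink(path);
    symlink(g_secret, path);              /* /tmp/xxx -> /etc/passwd, in miniature */
}

/* 1 if fd refers to the same inode as path, i.e. the swap was followed. */
int fd_is_file(int fd, const char *path) {
    struct stat a, b;
    if (fd < 0 || fstat(fd, &a) != 0 || stat(path, &b) != 0) return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

int setup_demo(void) {
    if (!mkdtemp(g_dir)) return -1;
    snprintf(g_victim, sizeof g_victim, "%s/victim", g_dir);
    snprintf(g_secret, sizeof g_secret, "%s/secret", g_dir);
    int fd = open(g_secret, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, "root:x:0:0\n", 11) == 11;
    close(fd);
    return ok ? 0 : -1;
}

/* Recreate the plain victim file before each run. */
static int reset_victim(void) {
    unlink(g_victim);
    int fd = open(g_victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Each returns 1 if the program ended up holding "secret", 0 otherwise. */
int run_vulnerable(void) {
    if (reset_victim() != 0) return -1;
    int fd = toctou_open_vulnerable(g_victim, swap_for_symlink);
    int hit = fd_is_file(fd, g_secret);
    if (fd >= 0) close(fd);
    return hit;
}

int run_hardened(void) {
    if (reset_victim() != 0) return -1;
    int fd = toctou_open_hardened(g_victim, swap_for_symlink);
    int hit = fd_is_file(fd, g_secret);
    if (fd >= 0) close(fd);
    return hit;
}

int main(void) {
    if (setup_demo() != 0) return 1;
    printf("vulnerable opened secret: %d\n", run_vulnerable());
    printf("hardened opened secret:   %d\n", run_hardened());
    return 0;
}
```

In a real setuid program the fstat() check would also compare st_uid against getuid() (or the program would drop privileges first), since "is a regular file" is only part of the policy; the point the example isolates is that every check is made on the descriptor that will actually be used, never on the path.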
What is the Dirty COW vulnerability?
A Linux kernel privilege-escalation bug (CVE-2016-5195, fixed in 2016) caused by a race in the copy-on-write handling of private file mappings. A local, unprivileged user could write into files they could only read, including root-owned setuid binaries and /etc/passwd.
How does the Dirty COW exploit Copy-On-Write?
It uses a race condition between memory management operations to write directly to a supposedly read-only file.
Give an example of the target file for a Dirty COW attack.
/etc/passwd, which defines the local accounts: adding a UID 0 entry with a known password hash (or replacing root's) gives the attacker root. Root-owned setuid binaries were another common target.
Fill in the blank: Dirty COW attacks leverage the timing gap in the ______ process of memory mapping.
Copy-On-Write (COW)
What is the purpose of using MAP_SHARED in memory mapping?
Writes through the mapping go to the shared page-cache page behind the file, so every process that maps or read()s the file sees the change and it is written back to disk. Because the file really is modified, the kernel only allows PROT_WRITE with MAP_SHARED on a descriptor that was opened for writing.
How does the MAP_PRIVATE option in mmap differ from MAP_SHARED?
MAP_PRIVATE is copy-on-write: reads use the shared file page, but the first write to a page gives the process its own anonymous copy and later writes go there; the file and other processes are unaffected. Since no write can reach the file, the kernel permits a PROT_WRITE MAP_PRIVATE mapping of a file opened read-only, which is exactly the setup Dirty COW abused.
Explain the function of madvise with MADV_DONTNEED in Dirty COW attacks.
MADV_DONTNEED tells the kernel the process no longer needs those pages. For a private file mapping the COW copy is freed and the next access faults the original file page back in. Dirty COW hammered this call in a loop against the writing thread so that a write could land after the copy was discarded but before the kernel re-checked, hitting the original page.
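The mmap() and madvise() semantics from the last three cards, as an added example that is not part of the flashcard set and does not reproduce the exploit. It maps a throwaway temp file (contents constructed here) with MAP_SHARED and then MAP_PRIVATE, writes one byte, and shows what the file and the mapping hold after madvise(MADV_DONTNEED); a final function shows that a read-only descriptor accepts a PROT_WRITE MAP_PRIVATE mapping but refuses MAP_SHARED. All function names are this example's own; it runs unprivileged on Linux.

```c
/* Added example (not from the flashcards): the mmap()/madvise() behaviours the
 * Dirty COW cards describe, demonstrated on a throwaway temp file so it runs
 * unprivileged on Linux.  Nothing here races or exploits anything; it only
 * shows the semantics the bug abused.  File contents are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { LEN = 4096 };

/* Create a temp file of LEN 'A' bytes; returns a read/write fd, path in *path. */
static int make_file(char *path, size_t n) {
    snprintf(path, n, "/tmp/cow-XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    char buf[LEN];
    memset(buf, 'A', LEN);
    if (write(fd, buf, LEN) != LEN) { close(fd); unlink(path); return -1; }
    return fd;
}

/* First byte of the file via read(), i.e. what every other process sees. */
static int file_first_byte(int fd) {
    char c;
    return pread(fd, &c, 1, 0) == 1 ? (unsigned char)c : -1;
}

/* Map the file with the given flags, store 'B' at offset 0, and report
 * (a) what the file now contains and (b) what the mapping shows after a
 * madvise(MADV_DONTNEED).  Result is packed as file_byte * 256 + map_byte. */
int write_then_dontneed(int flags) {
    char path[32];
    int fd = make_file(path, sizeof path);
    if (fd < 0) return -1;
    unlink(path);                          /* gone once fd closes */
    char *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (p == MAP_FAILED) { close(fd); return -1; }
    p[0] = 'B';                            /* MAP_PRIVATE: COW copy made here */
    if (p[0] != 'B') { munmap(p, LEN); close(fd); return -1; }
    int file_byte = file_first_byte(fd);   /* 'B' if shared, 'A' if private */
    /* Drop the page: a private COW copy is freed and the next touch faults the
     * original file page back in; a shared page is simply re-read from cache. */
    if (madvise(p, LEN, MADV_DONTNEED) != 0) { munmap(p, LEN); close(fd); return -1; }
    int map_byte = (unsigned char)p[0];
    munmap(p, LEN);
    close(fd);
    return file_byte * 256 + map_byte;
}

int shared_result(void)  { return write_then_dontneed(MAP_SHARED);  }  /* 'B','B' */
int private_result(void) { return write_then_dontneed(MAP_PRIVATE); }  /* 'A','A' */

/* Why the bug mattered: a descriptor opened O_RDONLY may be mapped PROT_WRITE
 * with MAP_PRIVATE (writes can only ever reach the private copy) but not with
 * MAP_SHARED.  Returns 1 if mmap() allowed it, 0 if refused, -1 on setup error. */
int readonly_fd_allows_writable_map(int flags) {
    char path[32];
    int fd = make_file(path, sizeof path);
    if (fd < 0) return -1;
    close(fd);
    int ro = open(path, O_RDONLY);
    unlink(path);
    if (ro < 0) return -1;
    void *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, flags, ro, 0);
    int allowed = p != MAP_FAILED;
    if (allowed) munmap(p, LEN);
    close(ro);
    return allowed;
}

int main(void) {
    printf("MAP_SHARED  write: file=%c map-after-DONTNEED=%c\n",
           shared_result() >> 8, shared_result() & 0xff);
    printf("MAP_PRIVATE write: file=%c map-after-DONTNEED=%c\n",
           private_result() >> 8, private_result() & 0xff);
    printf("read-only fd, PROT_WRITE: MAP_PRIVATE=%d MAP_SHARED=%d\n",
           readonly_fd_allows_writable_map(MAP_PRIVATE),
           readonly_fd_allows_writable_map(MAP_SHARED));
    return 0;
}
```

The private case is the one to study: the 'B' written through the mapping disappears after MADV_DONTNEED and the file still reads 'A'. Dirty COW was the kernel briefly getting that wrong, applying a write meant for the private copy to the page the file itself is backed by.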
Fill in the blank: The principle of ______ recommends minimizing program privileges to what is necessary for the task.
Least privilege