3. a) The following code snippet belongs to a privileged program (e.g. Set-UID program), and it runs with the root privilege.

1: if (!access("/tmp/X", W_OK)) {

2: /* the real user ID has access right */

3: f = open("/tmp/X", O_WRITE);

4: write_to_file(f);

5: }

6: else {

7: /* the real user ID does not have access right */

8: fprintf(stderr, "Permission denied ");

9: }

Describe and discuss in detail this code, identify if it has TOCTOU problem or not, justify your answer. Describe the Race Condition attacks, clearly, describe possible attacks and countermeasures.

b) Carefully study the code snippet below and identify how many race conditions an attacker needs to win by specifying the line numbers. Also, explain what you understand by the check-use-repeating approach.

1: if (access("tmp/X", O_RDWR)) goto error handling

2: else f1 = open("/tmp/X", O_RDWR);

3: if (access("tmp/X", O_RDWR)) goto error handling

4: else f2 = open("/tmp/X", O_RDWR);

5: if (access("tmp/X", O_RDWR)) goto error handling

6: else f3 = open("/tmp/X", O_RDWR);