Question
Race conditions are a common problem in operating system protection mechanisms. An easy example involves a Time-of-check to Time of Use (TOCTOU) race based on
Race conditions are a common problem in operating system protection mechanisms. An easy example involves a Time-of-check to Time of Use (TOCTOU) race based on Unix symbolic links, which contain a path that is resolved at access time. For example, the UNIX print utility lpr runs setuid root and has the ability to read any file on the system and send it to the printer an operation that requires root privileges. To prevent a user from printing a file she doesnt own, it checks the ownership of a file before printing it:
if (access(argv[1], R OK) != 0)
exit(1);
fd = open(argv[1], O RDONLY);
send_to_printer(fd)
a. Explain how a user can use two programs in combination with symbolic links to get lpr to print a file to which the user does not have permission to open.
b. To actually mount a practical attack, timing is critical. The attacker must make sure the second program is able to run exactly between the two system calls in the above code. How can the attacker guarantee this?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started