How To Win The Race Against TOCTOU Vulnerabilities in C & C++

Written by sonarsource | Published 2020/10/11
Tech Story Tags: c++ | cpp | security | sast | toctou | cpp-vulnerabilities | docker-toctou | toctou-vulnerabilities-cpp

TL;DR: SonarSource announces a new rule to detect a literal race condition: TOCTOU (or TOCTTOU) vulnerabilities, known in long form as Time Of Check (to) Time Of Use. The idea is that there's a window of opportunity between when a privileged program checks a file (Does the file exist? Are permissions okay for what we're about to do? …) and when it operates on that file. In that window, an attacker could replace the file with, e.g., a symlink to `/etc/passwd`, and the operation you meant to perform on `/home/ann/tmp` happens to an important system file instead.
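The check-then-use pattern described above, next to a form that closes the window, as an added example that is not code from the original article or from SonarSource. It assumes a POSIX system (Linux `errno` values); the function names `append_racy`, `append_checked` and `demo` and the scratch paths are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: check and use each resolve the path, so the name can change in between. */
int append_racy(const char *path, const char *msg) {
    if (access(path, W_OK) != 0) return -1;        /* time of check */
    int fd = open(path, O_WRONLY | O_APPEND);      /* time of use: follows symlinks */
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: open once, refusing a symlink as the final component, then check the
 * descriptor, which stays bound to the same file whatever happens to the name. */
int append_checked(const char *path, const char *msg) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                         /* ELOOP on Linux for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario: returns 1 if a scratch file is accepted and its symlink refused. */
int demo(void) {
    char dir[] = "/tmp/toctou-XXXXXX", file[64], alias[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    int fd = open(file, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(file, alias) != 0) return -1;
    int ok = append_checked(file, "entry\n") == 0;
    int refused = append_checked(alias, "entry\n") == -1 && errno == ELOOP;
    unlink(alias); unlink(file); rmdir(dir);
    return ok && refused;
}

int main(void) { printf("file accepted, symlink refused: %d\n", demo()); return 0; }
```

`O_NOFOLLOW` only covers the last path component; when parent directories may be writable by other users, resolve them with `openat()` on a trusted directory descriptor, or on Linux 5.6+ with `openat2()` and `RESOLVE_NO_SYMLINKS`.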


Written by sonarsource | We build world-class Code Quality & Security tools: SonarQube, SonarLint and SonarCloud
Published by HackerNoon on 2020/10/11