The Risk
A time-of-check to time-of-use race, or TOCTOU, happens when a program checks a condition and then acts on it as two separate steps. Between the check and the use, the state can change, and an attacker who controls timing swaps the resource in that window. A classic case checks that a path names an ordinary file the caller may read, then opens that path again by name; in between, the attacker replaces the file with a symbolic link to a sensitive target, and the open follows the link.
The flaw is assuming the world stays still between a check and the action that relies on it.
The Defense
- Operate on a stable handle. Open the resource once and perform both the check and the use on that same handle rather than looking the name up again (on POSIX, fstat on the descriptor instead of stat on the path).
- Use atomic operations that check and act in one indivisible step, such as create-only-if-absent.
- Hold a lock that covers the whole check-then-act sequence for shared state.
- Prefer fail-safe creation flags that refuse to follow links or to clobber existing targets (O_NOFOLLOW and O_EXCL on POSIX).
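As an added example, not part of the original page: a C program that shows the file case from The Risk and the stable-handle, atomic-operation and fail-safe-creation defenses above side by side. The attacker is simulated by a hook called inside the check/use window (a device for this demo, not something a real attacker needs); open_if_regular_racy resolves the name twice, open_if_regular_safe does one lookup with O_NOFOLLOW and checks the descriptor with fstat, and create_exclusive relies on O_EXCL. The victim and secret files under /tmp are constructed fixtures, and all function names are chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hook run inside the check/use window: a deterministic stand-in for the attacker. */
typedef void (*window_hook)(void *ctx);

/* VULNERABLE: lstat() the name, then open() the name. Two lookups; the second
 * one opens whatever the name points to by then, following links. */
int open_if_regular_racy(const char *path, window_hook attacker, void *ctx)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    if (attacker) attacker(ctx);                                  /* window */
    return open(path, O_RDONLY);                                  /* use */
}

/* HARDENED: one lookup, one handle. O_NOFOLLOW makes open() refuse a symlink
 * at the final component; fstat() checks the inode we hold, not the name. */
int open_if_regular_safe(const char *path, window_hook attacker, void *ctx)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                 /* ELOOP when path is a symlink */
    if (attacker) attacker(ctx);           /* too late: the handle is bound */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Fail-safe creation: O_EXCL makes "create only if absent" one atomic step. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed fixture (not from the page): a plain 'victim' file the program
 * may read and a 'secret' file it must never hand out, in a scratch dir. */
struct fixture { char dir[32]; char victim[48]; char secret[48]; ino_t secret_ino; };

static int make_plain(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, data, strlen(data)) != (ssize_t)strlen(data)) return -1;
    return close(fd);
}

static int fixture_setup(struct fixture *f)
{
    struct stat st;
    strcpy(f->dir, "/tmp/toctou-XXXXXX");
    if (!mkdtemp(f->dir)) return -1;
    snprintf(f->victim, sizeof f->victim, "%s/victim", f->dir);
    snprintf(f->secret, sizeof f->secret, "%s/secret", f->dir);
    if (make_plain(f->victim, "public\n") || make_plain(f->secret, "s3cret\n")) return -1;
    if (stat(f->secret, &st) != 0) return -1;
    f->secret_ino = st.st_ino;
    return 0;
}

/* Simulated attacker: inside the window, swap 'victim' for a symlink to 'secret'. */
static void swap_for_symlink(void *ctx)
{
    struct fixture *f = ctx;
    unlink(f->victim);
    symlink(f->secret, f->victim);
}

static int fd_is_secret(int fd, const struct fixture *f)
{
    struct stat st;
    return fd >= 0 && fstat(fd, &st) == 0 && st.st_ino == f->secret_ino;
}

/* Runs both openers against the same attacker; 1 if only the racy one leaks. */
int demo(void)
{
    struct fixture f;
    if (fixture_setup(&f) != 0) return 0;
    int racy = open_if_regular_racy(f.victim, swap_for_symlink, &f);
    int leaked = fd_is_secret(racy, &f);                  /* expect 1 */
    if (racy >= 0) close(racy);
    unlink(f.victim);                                     /* restore plain victim */
    if (make_plain(f.victim, "public\n")) return 0;
    int safe = open_if_regular_safe(f.victim, swap_for_symlink, &f);
    int held = safe >= 0 && !fd_is_secret(safe, &f);      /* still the plain file */
    if (safe >= 0) close(safe);
    int refused = open_if_regular_safe(f.victim, NULL, NULL) < 0 &&
                  (errno == ELOOP || errno == EMLINK);    /* symlink now; EMLINK on some BSDs */
    int excl = create_exclusive(f.secret) < 0 && errno == EEXIST;
    unlink(f.victim); unlink(f.secret); rmdir(f.dir);
    return leaked && held && refused && excl;
}

int main(void) { puts(demo() ? "racy open leaked; hardened open held" : "unexpected"); return 0; }
```

Build with cc -o toctou toctou.c and run it. The racy opener passes its check on the plain file and then hands back a descriptor for the secret, while the hardened opener keeps the inode it opened no matter what happens to the name afterwards. One caveat: O_NOFOLLOW only governs the final path component; if an attacker controls a directory earlier in the path, open the directory once and use openat relative to that descriptor (or, on Linux, openat2 with RESOLVE_BENEATH) so the whole walk is bound to handles you hold.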
Key idea
Bind the check and the use to the same handle or an atomic operation so no attacker can swap the resource in the gap between them.