Race Conditions. A race condition occurs when an assumption needs to hold true for a period of time, but actually may not Bob and Alice example.

Similar documents
Secure Software Programming and Vulnerability Analysis

Non-atomic check and use aka TOCTOU (Time of Check, Time of Use) or race conditions. Erik Poll Digital Security group Radboud University Nijmegen

Secure Programming. CSC 482/582: Computer Security Slide #1

SysSec. Aurélien Francillon

CABLE MODEM REGISTRATION PROCESS

Cisco Cable CPE Error Messages

Introduction to Unix. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Overview of the Cisco NCS Command-Line Interface

Virtual Interface Bundling

DHCP, ToD, and TFTP Services for CMTS Routers

Using the Cable Monitor Tool

ServletConfig Interface

Processes are subjects.

Secure Architecture Principles

PathTrak UCD Import Tool Users Guide

Introduction to Linux. Fundamentals of Computer Science

We ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?

CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES

CptS 360 (System Programming) Unit 6: Files and Directories

Downstream Channel ID Assignment

SECURE PROGRAMMING TECHNIQUES. Race conditions. General terms. File access races. Network races. Multithreading. Signal handling races MEELIS ROOS 1

CS 380S. TOCTTOU Attacks. Don Porter. Some slides courtesy Vitaly Shmatikov and Emmett Witchel. slide 1

Processes are subjects.

Cable Commands: ca through cr

How do I perform a backup and restore from a NOKIA IP VPN 10i to another NOKIA IP VPN 10i in the event of a hardware failure?

Dynamic Detection and Prevention of Race Conditions in File Accesses

Provisioning of Algo SIP Endpoints Algo Communication Products Version 1.1 Sept 30, 2015

Working with Configuration Files

Installing the L-Series Library Admin and Personality Module on the L180 and L700 Series Libraries

Advanced Topics in Operating Systems. Manual for Lab Practices. Enterprise JavaBeans

Virtual File System. Don Porter CSE 306

Developing a Mobile Web-based Application with Oracle9i Lite Web-to-Go

Clear Choice Communications BROADBAND INTERNET SERVICE DISCLOSURES

Cisco cbr Series Converged Broadband Routers Security and Cable Monitoring Configuration Guide

Cisco Network Registrar for the Cisco CMTS Routers

Cable FAQs. Contents. Document ID: 12177

Table of Contents. Introduction

JAVA SERVLET. Server-side Programming INTRODUCTION

3/7/18. Secure Coding. CYSE 411/AIT681 Secure Software Engineering. Race Conditions. Concurrency

EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture)

TOCTTOU Vulnerabilities in UNIX-Style File Systems: An Anatomical Study

OPERATING SYSTEMS, ASSIGNMENT 4 FILE SYSTEM

Tricky issues in file systems

Memory Management: The process by which memory is shared, allocated, and released. Not applicable to cache memory.

CESecure Quick Start Guide

1 / 22. CS 135: File Systems. General Filesystem Design

Datasäkerhet/Data security EDA625 Lect5

Subscriber Traffic Management

Using Cisco IOS Software

Outline. File Systems. File System Structure. CSCI 4061 Introduction to Operating Systems

INTRODUCTION TO THE UNIX FILE SYSTEM 1)

Chapter 11: File-System Interface. File Concept. File Structure

Files and Directories

Installation Tools for Clusters. Rajesh K., Computer Division, BARC

Web based Applications, Tomcat and Servlets - Lab 3 -

UNIT-V. Web Servers: Tomcat Server Installation:

CMTS Router Service Features

Linux Essentials. Smith, Roderick W. Table of Contents ISBN-13: Introduction xvii. Chapter 1 Selecting an Operating System 1

The Basic Web Server CGI. CGI: Illustration. Web based Applications, Tomcat and Servlets - Lab 3 - CMPUT 391 Database Management Systems 4

Data Security and Privacy. Unix Discretionary Access Control

Advanced Programming in the UNIX Environment W. Richard Stevens

Virtual Interface Bundling for the Cisco CMTS

Consolidated Packages and SubPackages Management

Virtual File System. Don Porter CSE 506

File Systems: Interface and Implementation

File Systems: Interface and Implementation

name type description String or Component Detach and Termination Attributes. Common to File, Mkdir and TouchFile components name type description

File Systems: Interface and Implementation

Maintaining the System Software

Secure Programming Lecture 16: Race Conditions

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Operating System Engineering: Fall 2003

public class MyThread extends Thread { try { private Shared theshared; threada.join(); threadb.join();

Advanced Internet Technology Lab # 4 Servlets

TIBCO ActiveMatrix BusinessWorks Plug-in for sftp User's Guide

Source-Based Rate Limit

Chapter 11: File-System Interface

Conditional Debug and Radioactive Tracing

KUHN COMMUNICATIONS, INC BROADBAND INTERNET ACCESS SERVICE DISCLOSURES

Files and File Systems

Cable Commands: a through cable-modem

CYSE 411/AIT681 Secure Software Engineering Topic #13. Secure Coding: Race Conditions

CCNA 1 Chapter 2 v5.0 Exam Answers %

Upgrading the Cisco IOS XE Software

Chapter 11: File-System Interface. Operating System Concepts 9 th Edition

Document ID: Contents. Introduction. Prerequisites. Requirements. Introduction. Prerequisites Requirements

Troubleshooting. Understanding POST Results CHAPTER

Cisco RF Switch Firmware Command Reference Guide

Troubleshooting the Installation

Configuration Procedures

Controlling Switch Access with Passwords and Privilege Levels

CS 356 Operating System Security. Fall 2013

Working with the Flash File System

INTRODUCTION TO SERVLETS AND WEB CONTAINERS. Actions in Accord with All the Laws of Nature

Managing the ACE Software

Converting Autonomous Access Points to Lightweight Mode

Conditional Debug and Radioactive Tracing

Converting Autonomous Access Points to Lightweight Mode

Chapter 11: File-System Interface

Chapter 11: File-System Interface. Long-term Information Storage. File Structure. File Structure. File Concept. File Attributes

Cisco Unified Operating System Administration Web Interface

Transcription:

Race Conditions A race condition occurs when an assumption needs to hold true for a period of time, but actually may not Bob and Alice example.

Java Example Import java.io.* Import java.servlet.* Import java.servlet.http.* public class Counter extends HttpServlet { int count = 0; public void doget(httpservletrequest in, HttpServletResponse out) throws ServletException { out.setcountenttype( text/plain ); Printwriter p = out.getwriter(); count++; p.println(count + hits so far! ); } }

Java Example Import java.io.* Import java.servlet.* Import java.servlet.http.* public class Counter extends HttpServlet { int count = 0; public void doget(httpservletrequest in, HttpServletResponse out) throws ServletException { int my_count; out.setcountenttype( text/plain ); Printwriter p = out.getwriter(); synchronized(this) { my_count = ++count; } p.println(my_count + hits so far! ); } }

Time-of-Check, Time-of-Use The check for privilege (access) to a resource should occur at the same time when the resource is used. Race conditions always happens when more than one process/thread has access to the same resource. Security-critical race conditions happen when the 2 processes has different privileges

Unix file-based Race Condition Unix filesystem is shared among all processes If a process with privilege writes to a file after checking access, a race condition occur. Password file problem in the book, pages 218-219

Race Condition in Some Cable Modems Users were able to use a race condition in some early version of cable modem software to trick the modem to download a config file from their server instead of the cable company server See http://www.securityfocus.com/news/394/ If cable modem hacking hasn't become a huge problem for service providers, it's probably because the process remains intimidating for non-technical users. The subscriber has to program a DOCSIS configuration file with a special editor, run their own TFTP server, change their IP address and run an DHCP server that tricks the modem into pulling the config file from their host. Dedicated hobbyists have refined the procedure and written tools to automate key portions of it, but pitfalls and caveats abound

How cable modem works Offline. Scan for downstream channel. Receive Upstream Channel Descriptor (UCD). Ranging to find tx level and symbol timing. DHCP to get CM IP address and gateway. Use TFTP to get config file. Initialize Baseline Privacy (BPI). Receive Time Of Day (ToD). Online.

Cable Modem Config file contains Downstream channel identification Class of Service settings Baseline Privacy settings General operational settings Network management information Software upgrade fields Filters Vendor specific settings

Using TFTP to get the config file End User Server ping Cable Modem Cable company Server User server has same IP as the cable company server Cable modem needs to communicate with tftp server based on DHCP parameter Cable modem requests the MAC address of the tftp server if it does not have it already Cable modem starts sending tftp requests/packets to that server The user simply continue to ping the cable modem address from his/her own server to get its own MAC address in the modem memory The cable modem communicates with the user server instead of the company server. This bug has been fixed in most cable modems.

Unix filesystem Race condition Race conditions are only a security problem if the process runs as a different user. i.e only a potential security issue if the programs is suid. Extra care is needed when writing software that is expected to run as suid under unix. Specially when doing file operations Method described on page 220 can be used to avoid race conditions and ensure the correct file was opened.

Unix filesystem Race condition Some operations require a filename and cannot operate on a file handles [link(), mkdir(), mknod(), rmdir(), symlink(), unmount(), unlink(), utime()] The best solution is to keep files a specific program needs in their own secure dir. The software should chdir() to the dir then check it is secure before working on any files in that dir.

Deleting files Deleting files securely can only be done if using secure directory approach Deleting a file simply remove the reference to it from the dir and frees the blocks. It does not delete the data Technology exits to even recover data from disk plates even if data has been overwritten The best way to ensure data security is not to write it on disk or use some encryption before writing to disk. Must also ensure that data does not get written to disk by OS by swapping memory out.

Temporary Files Writing temp files to a common accessible directory is a bad practice from security point of view. If a temporary file must be written to /tmp follow the steps on page 226

File Locking File locking in most operating system is discretionary and not mandatory To ensure locks are not taken over by potential attackers, file must be secure directory Locks on network file systems may not work.

Other Race Conditions Cable modem problem described before Race condition occurs anytime 2 actions act of the same resource. Race condition creates a security problem when the 2 processes has different privileges

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback