Re: TOCTTOU race (was: Potential security weakness in Guix services)

[Bengt Richter <bokr@bokr.com>]

Hi,

On +2021-02-14 13:29:29 +0100, Maxime Devos wrote:
> On Sat, 2021-02-06 at 22:26 +0100, Ludovic Courtès wrote:
> > 
> > [...]
> > I understand the TOCTTOU race.  However, activation code runs in two
> > situations: when booting the system (before shepherd takes over), and 
> > upon ‘guix system reconfigure’ completion.
> >

Until we have a guix jargon file and a
    guix gloss SEARCHARGS ...
convenience command, it is nice towards noobs to spell out
an abbreviation or acronym on first use ;-)

--8<---------------cut here---------------start------------->8---
Time-of-check to time-of-use

   From Wikipedia, the free encyclopedia
     (Redirected from TOCTTOU)
   Jump to navigation Jump to search

   In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU
   or TOC/TOU) is a class of software bugs caused by a race condition
   involving the checking of the state of a part of a system (such as a
   security credential) and the use of the results of that check.

   TOCTOU race conditions are common in Unix between operations on the
   file system,^[1] but can occur in other contexts, including local
   sockets and improper use of database transactions. In the early 1990s,
   the mail utility of BSD 4.3 UNIX had an exploitable race condition for
   temporary files because it used the mktemp()^[2] function.^[3] Early
   versions of OpenSSH had an exploitable race condition for Unix domain
   sockets.^[4] They remain a problem in modern systems; as of 2019, a
   TOCTOU race condition in Docker allows root access to the filesystem of
   the host platform.^[5]
   [ ]
--8<---------------cut here---------------end--------------->8---

[...snip...]
-- 
Regards,
Bengt Richter