Vulnerability Development mailing list archives

Re: Temp File Race Conditions

From: Crispin Cowan <crispin () WIREX COM>
Date: Sat, 10 Mar 2001 12:51:14 -0800

Barry Russell wrote:

Does anyone know of any texts that talk about temp file race
conditions?


The canonical paper on race vulnerabilities is Matt Bishops's "Checking
for Race Conditions in File Accesses", published in USENIX Computing
Systems, Spring 1996, and available here
http://olympus.cs.ucdavis.edu/~bishop/scriv/index.html

Matt is writing a security text, and it seems likely that he'd address
the issue in his new book.  I don't know when the book will be released.

Immunix is building a tool called "RaceGuard".  A paper has been
submitted to USENIX Security for review, and we expect to release the
code later this spring.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org

Current thread:

Temp File Race Conditions Barry Russell (Mar 10)
- Re: Temp File Race Conditions Crispin Cowan (Mar 10)
- <Possible follow-ups>
- Re: Temp File Race Conditions Yosi (Mar 11)