File-based Race Condition Attacks on Multiprocessors Are Practical Threat

TOCTTOU (Time-of-Check-to-Time-of-Use) attacks exploit race conditions in file systems. Although TOCTTOU attacks have been known for 30 years, they have been considered “low risk” due to their typically low probability of success, which depends on fortuitous interleaving between the attacker and victim processes. For example, recent discovery of TOCTTOU vulnerability in vi showed a success rate in low single digit percentages for files smaller than 1MB size. In this paper, we show that in a multiprocessor the uncertainties due to scheduling are reduced, and the success probability of vi attack increases to almost 100% for files of 1 byte size. Similarly, another recently discovered vulnerability in gedit, which had almost zero probability of success, changes to 83% success rate on a multiprocessor. The main reason for the increased success rate to almost certainty is the speed up of attacker process when running on a dedicated processor. These case studies show the sharply increased risks represented by file-based race condition attacks such as TOCTTOU on the next generation multiprocessors, e.g., those with multi-core processors.