Race condition

From FreeBSDwiki
Revision as of 14:01, 24 December 2004 by Dave (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Race condition is a technical term for a type of vulnerability in which an attack can be mounted during a narrow window of time. For example, if your system has a firewall installed with a default allow ruleset, when you first start the machine (or when you reload the ruleset) there will be a window of time in which the firewall rules restricting traffic to potentially vulnerable areas are not activated, and a network attacker could get at those ports unhindered. This is called a "race" condition because the attacker is "racing" your system to the finish line - trying to get the attack accomplished before the window of opportunity closes.

While this might not sound like a big deal - after all, on most systems it only takes a few hundredths of a second to load a firewall ruleset - exploiting a race condition is one of the classic methods of compromising an otherwise secure machine. One method of successfully exploiting a potential race condition is to simply "flood" that machine with attack attempts fast enough that if the machine reboots or otherwise opens up the race window, one of the attacks will get through. Another is a multi-staged attack - if you know a good way to force the machine to reboot (or to reload the service with the race condition), you first do that and follow it up immediately with a scripted attack which will get through before the window closes.

Note that this is not limited to firewalls or security, but can appear in any flawed logic scheme or program.

See also:

Personal tools