• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Vulnerability FAQs
• How can I find security vulnerabilities in my source code?
• What is an integer overflow?
• What is a race condition?
• What is a format string vulnerability?
• What is a random number vulnerability?
• What is an SQL Injection Attack / Vulnerability?
• Where can I find information about vulnerabilities?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

What is a Race Condition?

A race condition occurs when multiple processes access and manipulate the same data concurrently, and the outcome of the execution depends on the particular order in which the access takes place.

A race condition is of interest to a hacker when the race condition can be utilized to gain privileged system access.

Consider the following code snippet which illustrates a race condition:

if(access("/tmp/datafile",R_OK)==0){
	fd=open("/tmp/datafile
        process(fd);
        close(fd);

This code creates the temporary file /tmp/datafile and then opens it.

The potential race condition occurs between the call to access() and the call to open().

If an attacker can replace the contents of /tmp/datafile between the access() and open() functions, he can manipulate the actions of the program which uses that datafile. This is the race.

It can be difficult to exploit a race condition, because you may have to "run the race" many times before you "win." You may have to run the vulnerable program and the vulnerability testing tool thousands of times before you get the expolit code to execute after the vulnerability opens and before the vulnerability closes. It is sometimes possible to give the attack an extra edge by using `nice` to lower the priority of the legitimate suid program.

Improper use of the function calls access(), chown(), chgrp(), chmod(), mktemp(), tempnam(), tmpfile(), and tmpnam() are the normal causes of a race condition.

Purchase these excellent books on secure programming at Amazon.com

Vulnerability Management for Dummies

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides a ten point checklist for removing vulnerabilities from your key resources

Latest Blog Posts

• Acai Berry Spam via MSN

• Obama Seeks Power to Shut Down the Internet

• Help Beta Test Tech-FAQ 2.0!

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum