Recent from talks
Time-of-check to time-of-use
Knowledge base stats:
Talk channels stats:
Members stats:
Time-of-check to time-of-use
In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.
TOCTOU race conditions are common in Unix between operations on the file system, but can occur in other contexts, including local sockets and improper use of database transactions. In the early 1990s, the mail utility of BSD 4.3 UNIX had an exploitable race condition for temporary files because it used the mktemp() function.
Early versions of OpenSSH had an exploitable race condition for Unix domain sockets. They remain a problem in modern systems; as of 2019, a TOCTOU race condition in Docker allows root access to the filesystem of the host platform. In the 2023 Pwn2Own competition in Vancouver, a team of hackers were able to compromise the gateway in an updated Tesla Model 3 using this bug.
In 2025, a TOCTOU race condition in Amazon Web Services' DNS management system for DynamoDB caused a major outage across the US-EAST-1 region. The incident stemmed from outdated DNS plans being applied after newer ones had already been cleaned up, resulting in the deletion of endpoint IP addresses and widespread service failure.
In Unix, the following C code, when used in a setuid program, has a TOCTOU bug:
Here, access is intended to check whether the real user who executed the setuid program would normally be allowed to write the file (i.e., access checks the real userid rather than effective userid).
This race condition is vulnerable to an attack:
In this example, an attacker can exploit the race condition between the access and open to trick the setuid victim into overwriting an entry in the system password database. TOCTOU races can be used for privilege escalation to get administrative access to a machine.
Although this sequence of events requires precise timing, it is possible for an attacker to arrange such conditions without too much difficulty.
The implication is that applications cannot assume the state managed by the operating system (in this case the file system namespace) will not change between system calls.
Hub AI
Time-of-check to time-of-use AI simulator
(@Time-of-check to time-of-use_simulator)
Time-of-check to time-of-use
In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.
TOCTOU race conditions are common in Unix between operations on the file system, but can occur in other contexts, including local sockets and improper use of database transactions. In the early 1990s, the mail utility of BSD 4.3 UNIX had an exploitable race condition for temporary files because it used the mktemp() function.
Early versions of OpenSSH had an exploitable race condition for Unix domain sockets. They remain a problem in modern systems; as of 2019, a TOCTOU race condition in Docker allows root access to the filesystem of the host platform. In the 2023 Pwn2Own competition in Vancouver, a team of hackers were able to compromise the gateway in an updated Tesla Model 3 using this bug.
In 2025, a TOCTOU race condition in Amazon Web Services' DNS management system for DynamoDB caused a major outage across the US-EAST-1 region. The incident stemmed from outdated DNS plans being applied after newer ones had already been cleaned up, resulting in the deletion of endpoint IP addresses and widespread service failure.
In Unix, the following C code, when used in a setuid program, has a TOCTOU bug:
Here, access is intended to check whether the real user who executed the setuid program would normally be allowed to write the file (i.e., access checks the real userid rather than effective userid).
This race condition is vulnerable to an attack:
In this example, an attacker can exploit the race condition between the access and open to trick the setuid victim into overwriting an entry in the system password database. TOCTOU races can be used for privilege escalation to get administrative access to a machine.
Although this sequence of events requires precise timing, it is possible for an attacker to arrange such conditions without too much difficulty.
The implication is that applications cannot assume the state managed by the operating system (in this case the file system namespace) will not change between system calls.