all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

TOCTOU - Wikipedia Explanation Silly Question

Add to bookmarks
Sept. 13, 2023, 1:14 a.m. | /u/erudes91

cybersecurity www.reddit.com

Hello! I have been reading about this bug that can be abused mainly the Wikipedia page to get a high-level view of it:

[https://en.wikipedia.org/wiki/Time-of-check\_to\_time-of-use](https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use)

*The attacker can do* **"symlink("/etc/passwd", "file");"** *after the access check and before the open.*

**"Although this sequence of events requires precise timing, it is possible for an attacker to arrange such conditions without too much difficulty."**

I am trying to get my head around on how the attacker does this in real time?

The only way …

access attacker bug check cybersecurity etc events file hello high page question toctou wikipedia

Visit resource

More from www.reddit.com / cybersecurity

how hard do you think is it to get into penetration testing nowadays 4 hours ago | www.reddit.com
cybersecurity hard penetration penetration testing +1
Building an SOC From Scratch: The Importance of Documentation and Network Segmentation 4 hours ago | www.reddit.com
analyst antivirus bank building +23
The Risks of Scattered Logs and Why Centralised SIEM Is Better for Security 7 hours ago | www.reddit.com
companies cybersecurity event event management +21
How-To Install and Setup: Azure Arc, (AMA) Azure Monitor Agent and (DCR) Data Collection Rules … 10 hours ago | www.reddit.com
agent ama arc article +28
Iranian hackers pose as journalists to push backdoor malware 10 hours ago | www.reddit.com
backdoor cybersecurity hackers iranian +3
How deep into certifications should you go at “entry level?” 12 hours ago | www.reddit.com
administration certifications cybersecurity entry +10
Is SOC 2 Report Sufficient for Vendor Risk Management? 18 hours ago | www.reddit.com
application cybersecurity deployment friends +18
Attackers Employ Microsoft Graph API to Evade Detection 20 hours ago | www.reddit.com
api attackers cybersecurity detection +4
Cybersecurity Stash: Your One-Stop Directory for Security Tools and Resources! 20 hours ago | www.reddit.com
cybersecurity directory hey hub +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cybersecurity Consultant

@ Devoteam | Cité Mahrajène, Tunisia
View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Phoenix, AZ, United States
View on infosec-jobs.com

(Senior) Director of Information Governance, Risk, and Compliance

@ SIXT | Munich, Germany
View on infosec-jobs.com

Information System Security Engineer

@ Space Dynamics Laboratory | North Logan, UT
View on infosec-jobs.com

Intelligence Specialist (Threat/DCO) - Level 3

@ Constellation Technologies | Fort Meade, MD
View on infosec-jobs.com

Cybersecurity GRC Specialist (On-site)

@ EnerSys | Reading, PA, US, 19605
View on infosec-jobs.com
View more jobs