CWE-363 允许符号链接跟随的竞争条件
Race Condition Enabling Link Following
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file.
扩展描述
While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the software to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 367 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 367 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: CanPrecede cwe_CWE_ID: 59 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Integrity'] | ['Read Files or Directories', 'Modify Files or Directories'] |
示例代码
例
This code prints the contents of a file if a user has permission.
bad PHP
//resolve file if its a symbolic link
if(is_link($filename)){
if(fileowner($filename) == $user){
return;
else{
return false;
This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778).
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Race condition enabling link following | ||
| CERT C Secure Coding | POS35-C | Exact | Avoid race conditions while checking for the existence of a symbolic link |
| Software Fault Patterns | SFP20 | Race Condition Window |
相关攻击模式
- CAPEC-26