Time-of-check to time-of-use
Class of software bugs / From Wikipedia, the free encyclopedia
In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.
TOCTOU race conditions are common in Unix between operations on the file system,[1] but can occur in other contexts, including local sockets and improper use of database transactions. In the early 1990s, the mail utility of BSD 4.3 UNIX had an exploitable race condition for temporary files because it used the mktemp()[2] function.[3]
Early versions of OpenSSH had an exploitable race condition for Unix domain sockets.[4] TOCTOU race conditions remain a problem in modern systems; as of 2019, a TOCTOU race condition in Docker allows root access to the filesystem of the host platform.[5] In the 2023 Pwn²Own competition in Vancouver, a team of hackers was able to compromise the gateway of an updated Tesla Model 3 using this bug.[6]
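The temporary-file case mentioned above can be reproduced deterministically. The following C code is an added example, not taken from the article or from any of the affected programs: it puts the check-then-open pattern beside an atomic `O_CREAT | O_EXCL` open. The function names and the `interloper` callback, which stands in for a concurrent process acting between the check and the use, are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for another process running inside the race window:
   it plants a symlink at the name that was just checked. */
static const char *g_target;
static void interloper(const char *path) {
    if (symlink(g_target, path) != 0) perror("symlink");
}

/* mktemp()-style pattern: check that the name is unused, then open it.
   These are separate system calls, so the answer can be stale by the open. */
int racy_create(const char *path, void (*window)(const char *)) {
    struct stat st;
    if (lstat(path, &st) == 0) return -1;          /* time of check */
    if (window) window(path);                      /* state changes here */
    return open(path, O_WRONLY | O_CREAT, 0600);   /* time of use */
}

/* Hardened form: O_CREAT|O_EXCL does the existence check and the creation
   as one atomic kernel operation and fails with EEXIST on a symlink. */
int safe_create(const char *path, void (*window)(const char *)) {
    if (window) window(path);                      /* same interference */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Returns 1 if the file behind the symlink was overwritten, 0 if intact. */
int target_clobbered(int (*create)(const char *, void (*)(const char *))) {
    char dir[] = "/tmp/toctou-XXXXXX", tmp[64], target[64], buf[5] = {0};
    if (!mkdtemp(dir)) return -1;                  /* private 0700 directory */
    snprintf(tmp, sizeof tmp, "%s/scratch", dir);
    snprintf(target, sizeof target, "%s/protected", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "orig", 4) != 4) return -1;
    close(fd);
    g_target = target;
    fd = create(tmp, interloper);
    if (fd >= 0) { if (write(fd, "temp", 4) != 4) perror("write"); close(fd); }
    fd = open(target, O_RDONLY);
    if (fd < 0 || read(fd, buf, 4) != 4) return -1;
    close(fd);
    unlink(tmp); unlink(target); rmdir(dir);
    return strcmp(buf, "orig") != 0;
}
```

`target_clobbered(racy_create)` reports that the unrelated file was overwritten, while `target_clobbered(safe_create)` leaves it intact because the open fails instead of following the planted link; `mkstemp()` applies the same atomic creation for temporary files.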