Y
Hacker News
new
|
ask
|
show
|
jobs
by
karatinversion
1798 days ago
He was - TOCTOU has its own wiki page [1]. These can be nastier, because they don't require the attacker to be able to submit strings or file names.
[1]
https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use
1 comments
tines
1798 days ago
I guess I'm not sure how you would use open() that would expose a TOCTOU bug that openat () wouldn't. Can you give an example?
link