Time-of-Check to Time-of-Use (TOCTOU) Software Bugs

Questions and Answers

What is the time-of-check to time-of-use (TOCTOU) bug?

A bug related to improper use of database transactions

A bug caused by the mktemp() function in Unix

A bug caused by a race condition involving checking and using the results of that check (correct)

A bug caused by a syntax error in Unix file operations

In which context are TOCTOU race conditions common?

Unix file system operations

Local sockets

Improper use of database transactions

All of the above (correct)

What was an example of an exploitable TOCTOU race condition in the mail utility of BSD 4.3 UNIX?

Race condition for local sockets

Race condition for reading system files

Race condition for database transactions

Race condition for temporary files using the mktemp() function (correct)

What did a TOCTOU race condition in Docker, as of 2019, allow?

Root access to the filesystem of the host platform

What type of program did the following C code have a TOCTOU bug in?

setuid program

What did early versions of OpenSSH have an exploitable TOCTOU race condition for?

Unix domain sockets

What is the implication of applications not being able to assume the state managed by the operating system will not change between system calls?

Applications are susceptible to TOCTOU race conditions

How can an attacker exploit the race condition to trick the setuid victim?

By arranging precise timing of operations between access and open

What technique is suggested for preventing TOCTOU race conditions in file system operations?

Using error handling instead of pre-checking

What was shown by an impossibility result published in 2004 regarding TOCTOU race conditions?

No portable, deterministic technique for avoiding TOCTOU race conditions using UNIX access and open filesystem calls

What is proposed as an alternative solution for preventing TOCTOU races in UNIX systems?

Adopting transactions in the file system or the OS kernel

What is the fundamental challenge in ensuring file system stability with regards to TOCTOU race conditions?

Ensuring that the file system cannot be changed between two system calls

What role do transactions play in preventing TOCTOU races?

Transactions provide a concurrency control abstraction for the OS

How does file locking compare to transactions in terms of preventing race conditions?

File locking works for a single file, while transactions provide a broader concurrency control abstraction for the OS

What was added to Microsoft Windows NTFS file system as a preventative measure against TOCTOU races?

Transactions

Why is using seteuid() system call proposed as a possible solution for setuid binaries?

To change the effective user before performing open() operation

What was indicated by Microsoft regarding the use of transactions in NTFS file system?

They discourage their use and may remove them in a future version of Windows

What function has been added to the kernel to translate virtual addresses to physical addresses?

virt to phys()

How many bytes of data are on each page?

4096 bytes

What is the purpose of accessing an address on each page of the range?

To overcome potential problems due to demand loading

What step is required to support deferred loading of trusted libraries?

Modifying the existing dynamic linker-loader

What does the function do after mapping the entire .text section of the binary into memory?

It walks the page tables of the process to translate virtual addresses to physical addresses

What is one downside of mapping the entire .text section of the binary into memory?

It slows down application start-up

What is the main purpose of the proposed combination of a memory event trapping framework and associated TPM operations?

To ensure that the programmer’s expectations of access patterns to the program’s sensitive memory objects are fulfilled and enforced

What did the Xen-based proof-of-concept demonstrate in relation to TOCTOU attacks on measured memory?

Ways to detect such attacks by monitoring the relevant PTEs and physical frames of RAM

What is one avenue of future work mentioned in the text?

Exploring how to have the TPM reflect other avenues of change to measured memory

What is the primary focus of protecting against physical memory accesses that are resolved by traversing the page tables maintained by the MMU?

Ensuring that previously measured memory cannot be modified at run-time in an undetectable way

What do the authors argue regarding the current assumptions about the run-time state of measured memory?

They do not properly account for possible changes after the initial measurement

What is suggested as a means to ensure that the programmer’s expectations of access patterns to the program’s sensitive memory objects are enforced?

A combination of a memory event trapping framework and associated TPM operations performed by its trap handlers

What is the primary goal of the software prototype mentioned in the text?

To investigate the future hardware features needed for secure programming primitives

What type of attacks did Kursawe, et. al focus on in their research?

Passive attacks against TPMs

What is the purpose of IBM's Integrity Measurement Architecture (IMA) mentioned in the text?

To protect the integrity of the TCG trust measurement architecture

What is the focus of the Bear/Enforcer project from Dartmouth College?

Improving integrity of a Linux system

What does BIND do in terms of establishing a trusted environment for distributed systems?

Attests only to a critical piece of code about to execute

What is proposed as an approach based on programming language semantics by Haldar et al.?

An approach based on programming language semantics

What is the role of Copilot in monitoring system memory?

Protecting the runtime integrity of code and data

What was developed by Dartmouth College for improving the integrity of a Linux system?

A Linux Security Module (LSM)

What does Overshadow and SecVisor use for protecting the runtime integrity of code and data?

Extra level of memory indirection/virtualization

What does BIND attest to for establishing a trusted environment for distributed systems?

A critical piece of code about to execute

What is proposed as an approach based on programming language semantics by Haldar et al.?

An approach based on programming language semantics

How does Copilot monitor system memory?

Using a separate bus-mastering PCI add-in card for making checks on system memory

What is the primary goal of the attack scenarios described in the text?

To modify the trusted code of the victim process

How does Scenario 1 differ from Scenario 2 in the described attack scenarios?

Scenario 1 creates writable page mappings, while Scenario 2 updates the mappings of the .text section

Which limitation is highlighted in the text regarding the system's trust-related states and transitions?

Difficulty in expressing bad transitions in the state of software

What kind of attacks does the event system, based on policy checks, fail to prevent?

Exploits that involve non-executable crafted input data

What is suggested as a potential solution for protecting writable data after a certain phase of normal program execution?

Creating a special ELF loadable segment for sealed data

What role does Domain-0 play in the attack scenarios described in the text?

It allows privileged access to hardware TPM and software TPM

How does the attacker carry out Scenario 3?

By updating the permission bits of its.text section to make them writable

What is indicated as a limitation of the choice of events for trapping to interpose policy checks?

Inability to express transitions bringing the system into an untrusted state

What does the prototype detect when a subset of monitored PTEs are being updated to point to different portions of RAM?

'Bad' transitions indicating tampering

What is indicated as essential for mitigating cross-layer and cross-interface input-scrubbing application vulnerabilities?

A different set of secure programming primitives

What is the purpose of the hypercall HYPERVISOR_report_exit?

To report when an application being monitored exits to the hypervisor

What is the purpose of creating a new virtual interrupt, VIRQ_TAMPER?

To indicate tampering with trusted memory to Domain-0

How does the hypervisor detect tampering with trusted memory?

By checking if a 'trusted PTE' is being updated to point to a different set of frames or to make it writable

What is the role of the virtual TPM Manager in the prototype?

To prevent direct interactions between Domain-0 and the software TPM

What action does Domain-0 take upon receiving a specific virtual interrupt (VIRQ_TAMPER) from the hypervisor?

Extend the concerned PCR in the virtual TPM of Domain-1 with a random value

Why does the hypervisor need to indicate tampering to Domain-0 using a specific virtual interrupt (VIRQ_TAMPER)?

To notify Domain-0 that tampering with trusted memory has been detected

What technique does the hypervisor use to track specific addresses and page table entries (PTEs)?

Hooking into Xen's page table updating code

What role does Domain-0 play in updating the integrity measurements of the Domain under test?

It extends the concerned PCR in the virtual TPM of Domain-1 with a random value

What is the primary purpose of creating a new hypercall HYPERVISOR_track_memory?

To detect any modifications made to monitored physical memory addresses

Study Notes

TOCTOU Bug and Race Conditions

• The time-of-check to time-of-use (TOCTOU) bug is a type of race condition that occurs when a system checks for a certain condition, but the condition changes before the system takes action.
• TOCTOU race conditions are common in contexts where multiple processes or threads are accessing shared resources.

Exploitable TOCTOU Race Conditions

• An example of an exploitable TOCTOU race condition was found in the mail utility of BSD 4.3 UNIX.
• A TOCTOU race condition in Docker, as of 2019, allowed an attacker to trick the setuid victim into performing unintended actions.

Prevention Techniques

• One technique suggested for preventing TOCTOU race conditions in file system operations is to use transactions.
• Using seteuid() system call is proposed as a possible solution for setuid binaries.

Operating System Implications

• The implication of applications not being able to assume the state managed by the operating system will not change between system calls is that TOCTOU race conditions can occur.
• The fundamental challenge in ensuring file system stability with regards to TOCTOU race conditions is to prevent race conditions.

File System Operations

• Microsoft Windows NTFS file system added a preventative measure against TOCTOU races.

Memory Management

• The function to translate virtual addresses to physical addresses is used to map memory.
• The purpose of accessing an address on each page of the range is to support deferred loading of trusted libraries.
• Mapping the entire .text section of the binary into memory can lead to a downside of increased memory usage.

Security Measures

• The main purpose of the proposed combination of a memory event trapping framework and associated TPM operations is to prevent TOCTOU attacks on measured memory.
• The Xen-based proof-of-concept demonstrated the feasibility of TOCTOU attacks on measured memory.
• The primary focus of protecting against physical memory accesses is to ensure the integrity of measured memory.

Research and Projects

• Kursawe, et.al focused on TOCTOU attacks in their research.
• IBM's Integrity Measurement Architecture (IMA) is used to establish a trusted environment for distributed systems.
• The Bear/Enforcer project from Dartmouth College focuses on improving the integrity of a Linux system.
• BIND is used to establish a trusted environment for distributed systems.
• Haldar et al. proposed an approach based on programming language semantics to prevent TOCTOU attacks.
• Copilot monitors system memory to detect TOCTOU attacks.
• Overshadow and SecVisor use TPM to protect the runtime integrity of code and data.
• The primary goal of the attack scenarios described in the text is to demonstrate the feasibility of TOCTOU attacks.
• Domain-0 plays a role in the attack scenarios described in the text.

Description

Learn about the class of software bugs known as Time-of-Check to Time-of-Use (TOCTOU) which are caused by race conditions involving the checking and use of system states. This quiz covers the common occurrence of TOCTOU race conditions in Unix file systems and other contexts such as local sockets and database transactions.