time-of-check to time-of-use (TOCTOU) attack
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
storlets |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The vulnerability is at https:/
Take gateway.
```
with open(cache_
for data in data_iter:
if not is_storlet:
if not perm:
```
When a file is first written and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified. During this time window, the attacker may gain access to the file.
description: | updated |
description: | updated |
information type: | Private Security → Public Security |
description: | updated |
Fix proposed to branch: master /review. opendev. org/c/openstack /storlets/ +/906183
Review: https:/