time-of-check to time-of-use (TOCTOU) attack
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Magnum |
Fix Released
|
Undecided
|
lujiefsi |
Bug Description
At https:/
, we first write ca_file,key_file cert_file , then we chmod mode them.
```
ca_file = open(cached_
```
When a file is first written and then its permissions are later changed using chmod, there exists a potential security risk known as a time-of-check to time-of-use (TOCTOU) attack. In this type of attack, an attacker exploits the time window between when the file is initially written and when its permissions are modified. During this time window, the attacker may gain access to the file.
description: | updated |
summary: |
- wrong order between write and chmod + time-of-check to time-of-use (TOCTOU) attack |
description: | updated |
information type: | Private Security → Public Security |
Changed in magnum: | |
assignee: | nobody → lujiefsi (lujiefsi) |
we shoud chmod first, then write, like
https:/ /github. com/openstack/ openstack- ansible/ blob/5f9173cb75 3f87eeec5a87716 115dbc9670a03ce /scripts/ pw-token- gen.py# L200