Fixing Races for Fun and Profit:  How to use access(2)

Drew Dean, and Alan J. Hu

13th USENIX Security Symposium,
2004, pp. 195-206.

It is well known that it is insecure to use the access(2) system call
in a setuid program to test for the ability of the program's executor
to access a file before opening said file. Although the access(2) call
appears to have been designed exactly for this use, such use is
vulnerable to a race condition. This race condition is a classic
example of a time-of-check-to-time-of-use (TOCTTOU) problem. We prove
the ``folk theorem'' that no portable, deterministic solution exists
without changes to the system call interface, we present a
probabilistic solution, and we examine the effect of increasing CPU
speeds on the exploitability of the attack.