Java – how does the competitive condition in toctou work?

2020-08-29 • Java

The following code should be vulnerable to toctou attacks:

public Period(final Date start,final Date end) {
    if (start.compare(end) > 0) {
       throw new IllegalArgumentException("");
    }

    this.start = start;
    this.end = end;      // Class period has 2 private final member 
                         // variables Date start & end.

 }

What I don't understand is how this competitive condition will work? Suppose there are two threads T1 and T2. T1 has a set of valid parameters, which should be checked. T2 is a hacker who wants to set invalid values in the class

If two threads are competing and this code is a key part of us, T1 runs through check and sleeps Now, when T2 starts running, will it pass the check again (and fail)?

Solution

The problem is that the date is variable, so another thread can change the end date: end setTime(0); Check start After (easier way to write about your illness)

So it looks like:

> T1：start. After (end) = > returns false, everything looks good > T2: end setTime(0); => Sneaky thread 2 change date > T1: this start = start; this. end = end; // Boom = > your class invariant is no longer valid

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.

THE END

Java

二维码

Java uses regexp to split space?

< <上一篇

Java – how to kill a running thread while waiting?

下一篇>>

搜索内容

Java – how does the competitive condition in toctou work?

Solution

热门文章