Time-of-check time-of-use (TOCTOU) race condition in file operations
ID | c.race_condition.toctou_file_operations
Severity | low
Resource | Race Condition
Language | C / C++
Description
The function $FUNC operates on file paths and may be vulnerable to Time-of-Check Time-of-Use (TOCTOU) race conditions. An attacker may modify the file or replace it with a symbolic link between the check and use operations. Use file descriptor-based alternatives when available: fchmod instead of chmod, fchown instead of chown, fstatat with AT_SYMLINK_NOFOLLOW, or open the file first and use fstat to verify st_dev and st_ino match before operating on it.
Rationale
The following code illustrates a vulnerable pattern detected by this rule:
#include <sys/stat.h>

void vulnerable_chmod(void) {
    // VULNERABLE: Time-of-check time-of-use (TOCTOU) race condition in file operations
    // chmod resolves the path at call time and follows symbolic links, so it is vulnerable to symlink attacks
    chmod("/tmp/myfile", 0644);
}
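A descriptor-based counterpart to the pattern above, added here as an illustration and not taken from the rule's own documentation: it checks with lstat, opens with O_NOFOLLOW, confirms through fstat that st_dev and st_ino still match, and only then calls fchmod. The helper name safe_chmod and the /tmp sample paths are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): chmod a regular file without
 * resolving the path twice. Returns 0 on success, -1 if refused or on error. */
int safe_chmod(const char *path, mode_t mode)
{
    struct stat before, after;
    /* Check: lstat does not follow a final symlink, so a link is seen as a link. */
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return -1;

    /* Bind: O_NOFOLLOW fails if the last component has become a symlink;
     * O_NONBLOCK avoids blocking if it was swapped for a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;

    /* Verify: the opened object must be the same inode that was checked. */
    if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
        after.st_dev != before.st_dev || after.st_ino != before.st_ino) {
        close(fd);
        return -1;
    }

    /* Use: fchmod acts on the descriptor, so later path swaps have no effect. */
    int rc = fchmod(fd, mode);
    close(fd);
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    char path[] = "/tmp/toctou_demoXXXXXX";   /* constructed sample file */
    char link[64];
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", path);
    if (symlink(path, link) != 0) { unlink(path); return 1; }
    printf("regular file: %d\n", safe_chmod(path, 0640));
    printf("symlink:      %d\n", safe_chmod(link, 0600));
    unlink(link);
    unlink(path);
    return 0;
}
```

Because the helper opens the file with O_RDONLY, the caller needs read permission on the target.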