Race Conditions

Overview

A race condition is a situation where the output of a system or program depends on the timing of other uncontrollable events. When a privileged program has a race condition, attackers who can influence those "uncontrollable" events may be able to affect the output of the privileged program.

The General Race Condition Problem

Race conditions in software occur when two concurrent threads or processes access a shared resource in a way that unintentionally produces different results depending on the sequence or timing of the processes or threads.

To understand the concept, let us look at the following code, which runs inside an ATM machine:

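function withdraw($amount)
{
    // Check: read the current balance from the remote database
    $balance = getBalance();

    if ($amount <= $balance)
    {
        // Update: the new balance is only stored when saveBalance() runs;
        // until then, other callers of getBalance() still see the old value
        $balance = $balance - $amount;
        echo "You have withdrawn: $amount";
        saveBalance($balance);
        // Give money to customer (code omitted)
    }
    else
    {
        echo "Insufficient funds.";
    }
}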

When a customer tries to withdraw money from this ATM machine, the function checks the remote database to see whether the amount to be withdrawn exceeds the customer's current balance; if it does not, the function authorizes the withdrawal (not shown in the code) and updates the balance. Assuming that you have $1000 in your account, will you be able to withdraw $1800?

To achieve this, you need two ATM cards and an accomplice. The two of you need to withdraw $900 simultaneously. Just after the first ATM machine finishes checking the balance, but before it saves the updated balance back to the database, the second ATM machine asks for the balance; it still sees $1000 and therefore authorizes the withdrawal request. As a result, both of you get $900 from the ATM machines, and there will still be $100 left on the balance. This is clearly a vulnerability.
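The interleaving described above, reproduced deterministically next to a hardened version. This is an added example, not code from the original page; the `Account` class, the `window` hook and the in-memory balance are assumptions that stand in for the remote database and the timing gap.

```python
import threading

class Account:
    """In-memory stand-in for the remote balance database (constructed)."""
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

def withdraw(account, amount, window, dispensed):
    # Same steps as the page's withdraw(): read, check, then save.
    balance = account.balance
    if amount <= balance:
        window()  # gap between the check and the save
        account.balance = balance - amount
        dispensed.append(amount)  # "give money to customer"

def withdraw_locked(account, amount, window, dispensed):
    # Hardened: read, check and save form one critical section, so the
    # second ATM cannot read the balance until the first has saved it.
    with account.lock:
        withdraw(account, amount, window, dispensed)

def run_two_atms(withdraw_fn, start=1000, amount=900):
    """Run two simultaneous withdrawals; return (cash dispensed, final balance)."""
    account = Account(start)
    dispensed = []
    barrier = threading.Barrier(2)

    def window():
        # Hold an ATM inside the gap until the other one also reaches it.
        # If the other never arrives (locked case), continue after 1 second.
        try:
            barrier.wait(timeout=1.0)
        except threading.BrokenBarrierError:
            pass

    atms = [threading.Thread(target=withdraw_fn,
                             args=(account, amount, window, dispensed))
            for _ in range(2)]
    for t in atms:
        t.start()
    for t in atms:
        t.join()
    return sum(dispensed), account.balance

if __name__ == "__main__":
    print("unlocked:", run_two_atms(withdraw))         # both checks see 1000
    print("locked:  ", run_two_atms(withdraw_locked))  # second check sees 100
```

In the ATM setting the equivalent of the lock is an atomic check-and-update on the database side, for example a transaction that locks the account row while the balance is read and written.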

The phenomenon described above was originally observed in electronic systems, where the timing of signals is important. If the output depends on the sequence or timing of other uncontrollable events, an undesirable situation exists. This is called a race condition, a term that originated with the idea of two signals racing each other to influence the output.
