Day 50: Symbolic Link Attack, Overwrite Root Files with SUID/Root Invocation

Systems have to use common code bases or APIs to handle files, do things like open them, write to them, read them and create them. File handling can be attacked in a number of ways.

Symbolic link attack

It is a good idea to check whether a file exists or not before creating it. However, a malicious user might create a file (or worse, a symbolic link to a critical system file) between your check and the moment you actually use the file.

Mitigation

Avoid the race condition by accessing directly the file, and don’t overwrite it if it already exists.