> On Jan 9, 2025, at 10:31, Bob Proulx <bob@xxxxxxxxxx> wrote:
>
> [...] In cases where
> something is checked and then later used there is a gap of time when
> the thing that was checked might be moved out of the way and replaced
> with a different thing before it is used. That's a classic race
> condition attack. [...]

Thanks for calling that out, Bob. This class of defect is sometimes referred to as [TOCTOU][*].

(The "Preventing TOCTOU" section talks about why the OpenSSH code is structured as it is: "EAFP").

[*]: https://en.m.wikipedia.org/wiki/Time-of-check_to_time-of-use

--
jim knoble

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev