CyberGlossary

Vulnerabilities

TOCTOU Vulnerability

Also known as: Time-of-check time-of-use, TOCTTOU

Definition

A time-of-check to time-of-use race condition where the state checked by a security decision is changed before the corresponding action is performed.

A TOCTOU vulnerability (Time-Of-Check to Time-Of-Use, CWE-367) is a specific kind of race condition where a program checks a property of a resource (file ownership, permissions, content) and then operates on that resource as if the check were still valid. An attacker who can swap the resource between the two steps (typically using symlinks, renames or shared memory) bypasses the check entirely. The classic example is access() followed by open(): the attacker replaces the path with a symlink to /etc/shadow after access() returns success, and open() resolves the new target. Defences include performing the check on the already-opened descriptor rather than on the path (open or openat with O_NOFOLLOW, then fstat on the returned descriptor), holding file descriptors instead of paths for the rest of the operation, file locking, and stricter sandbox boundaries.

Examples

  • Setuid program that checks file ownership with stat() and then opens the path.
  • Container escape via TOCTOU on bind-mount paths.
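The access()/open() pattern from the definition and the stat()-then-open() setuid example above, side by side with the hardened form the definition recommends (open with O_NOFOLLOW, then fstat on the descriptor that is actually used). This is an added example, not code from the glossary; the function names open_vulnerable and open_checked, and the policy that the file must be a regular file owned by the caller, are this example's own choices.

```c
/*
 * Added example (not part of the glossary entry): a check-then-use file
 * open next to a hardened version that checks the descriptor it uses.
 * Function names and the "regular file owned by the caller" policy are
 * assumptions made for this illustration.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Vulnerable pattern (CWE-367): the check and the use each resolve the
 * path independently, so whatever the path points to at open() time is
 * what gets opened, regardless of what access() examined. Kept here only
 * to contrast with open_checked() below.
 */
int open_vulnerable(const char *path)
{
    if (access(path, R_OK) != 0)          /* time of check: resolves path */
        return -1;
    return open(path, O_RDONLY);          /* time of use: resolves path again */
}

/*
 * Hardened pattern: open first, then examine the descriptor we hold.
 *  - O_NOFOLLOW makes open() fail with ELOOP if the final component is a
 *    symlink, closing the classic symlink swap.
 *  - O_NONBLOCK stops open() from hanging if the path is a FIFO; it is
 *    cleared again once the file has passed the type check.
 *  - fstat() on the descriptor reports the object we actually opened, so
 *    there is no window between check and use.
 * Returns the open descriptor on success, -1 with errno set otherwise.
 */
int open_checked(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -1;                        /* e.g. ELOOP for a symlink */

    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }

    /* Policy check on the descriptor, not the path name. */
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }

    /* File type is known to be regular now; restore blocking reads. */
    int flags = fcntl(fd, F_GETFL);
    if (flags >= 0)
        fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);

    return fd;                            /* caller keeps the fd, not the path */
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <path>\n", argv[0]);
        return 2;
    }
    int fd = open_checked(argv[1]);
    if (fd < 0) {
        fprintf(stderr, "open_checked(%s) refused: %s\n", argv[1], strerror(errno));
        return 1;
    }
    printf("opened %s as fd %d; further work should use the fd only\n", argv[1], fd);
    close(fd);
    return 0;
}
```

The important design point is that everything after open() operates on the descriptor: ownership and type are read with fstat(), and the caller is handed the fd rather than the path, so a later rename or symlink swap cannot redirect the operation. open_vulnerable() will happily follow a symlink placed at the path, while open_checked() refuses it with ELOOP.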

Related terms