Hi,

On +2021-02-14 13:29:29 +0100, Maxime Devos wrote:
> On Sat, 2021-02-06 at 22:26 +0100, Ludovic Courtès wrote:
> >
> > [...]
> > I understand the TOCTTOU race. However, activation code runs in two
> > situations: when booting the system (before shepherd takes over), and
> > upon ‘guix system reconfigure’ completion.
> >

Until we have a guix jargon file and a guix gloss SEARCHARGS ... convenience command, it is nice towards noobs to spell out an abbreviation or acronym on first use ;-)

--8<---------------cut here---------------start------------->8---
Time-of-check to time-of-use

From Wikipedia, the free encyclopedia
(Redirected from TOCTTOU)

In software development, time-of-check to time-of-use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by a race condition involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check.

TOCTOU race conditions are common in Unix between operations on the file system,^[1] but can occur in other contexts, including local sockets and improper use of database transactions. In the early 1990s, the mail utility of BSD 4.3 UNIX had an exploitable race condition for temporary files because it used the mktemp()^[2] function.^[3] Early versions of OpenSSH had an exploitable race condition for Unix domain sockets.^[4] They remain a problem in modern systems; as of 2019, a TOCTOU race condition in Docker allows root access to the filesystem of the host platform.^[5]
--8<---------------cut here---------------end--------------->8---

[...snip...]
--
Regards,
Bengt Richter
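
The file-system check/use gap defined in the quoted text, as an added example that is not part of the original message or of Guix: one reader checks a path name and opens it afterwards, the other opens first and checks the descriptor it holds. The function names, the `window` hook (a deterministic stand-in for a concurrent process) and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def read_check_then_use(path, window=lambda: None):
    """Racy: lstat() inspects the name, open() resolves the name again later."""
    if not stat.S_ISREG(os.lstat(path).st_mode):      # time of check
        raise PermissionError("not a regular file")
    window()                                          # the name can be re-pointed here
    with open(path, "rb") as f:                       # time of use
        return f.read()


def read_open_then_check(path, window=lambda: None):
    """Open once without following a final symlink, then check the descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        window()                                      # changes to the name no longer matter
        st = os.fstat(fd)                             # describes the object actually held
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo():
    """Run both readers against a constructed directory; returns (racy, safer)."""
    with tempfile.TemporaryDirectory() as d:
        path, other = os.path.join(d, "input"), os.path.join(d, "other")
        with open(other, "wb") as f:
            f.write(b"other file")                    # constructed sample data

        def reset():
            if os.path.lexists(path):
                os.unlink(path)
            with open(path, "wb") as f:
                f.write(b"expected")

        def swap():                                   # stand-in for a concurrent process
            os.unlink(path)
            os.symlink(other, path)

        reset()
        racy = read_check_then_use(path, window=swap)
        reset()
        safer = read_open_then_check(path, window=swap)
        return racy, safer
```

`O_NOFOLLOW` only covers the final path component; a directory earlier in the path that another user can write to needs separate handling, for example by opening each component relative to an already-open directory descriptor.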