RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities

Temporary file race vulnerabilities occur when privileged programs attempt to create temporary files in an unsafe manner. “Unsafe” means “non-atomic with respect to an attacker’s activities.” There is no portable standard for safely (atomically) creating temporary files, and many operating systems have no safe temporary file creation at all. As a result, many programs continue to use unsafe means to create temporary files, resulting in widespread vulnerabilities. This paper presents RaceGuard: a kernel enhancement that detects attempts to exploit temporary file race vulnerabilities, and does so with sufficient speed and precision that the attack can be halted before it takes effect. RaceGuard has been implemented, tested, and measured. We show that RaceGuard is effective at stopping temporary file race attacks, preserves compatibility (no legitimate software is broken), and preserves performance (overhead is minimal).