...
This compliant solution uses a mutex to make credits and debits atomic operations. All credits and debits will now affect the account balance, so an attacker cannot exploit the race condition to steal money from the bank. The mutex is created with the pthread_mutex function. In addition, the volatile keyword is used so that prefetching does not occur. (see See rule DCL34-C. Use volatile for data that cannot be cached).
...
Race conditions caused by multiple threads concurrently accessing and modifying the same data can lead to abnormal termination and denial-of-service attacks , or data integrity violations.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
MITRE CWE: CWE-366, "Race Condition within a Thread"
Bibliography
| Wiki Markup |
|---|
\[[Dowd 062006|AA. Bibliography#Dowd 06]\] Chapter 13, "Synchronization and State" \[[MITRE 07|AA. Bibliography#MITRE 07]\] [CWE ID 366|http://cwe.mitre.org/data/definitions/366.html], "Race Condition within a Thread" \[[Seacord 05a2005a|AA. Bibliography#Seacord 05]\] Chapter 7, "File I/O" |
...