Race Condition

What is it

Imagine a race where an athlete starts a second before the gun is shot. This person has a fighting chance to win if his start is not captured.

Similarly if two system events which are supposed to run simultaneously do not run in that order due to timing issues, this will result in unexpected behavior.

How serious is it

Race conditions almost always result in chaos and potential loss of confidentiality, integrity and availability. If properly identified and executed an attacker can also gain access to a system.

However identifying race conditions is very difficult. Any system that supports multitasking with shared resources is susceptible to race conditions. This can be avoided if appropriate synchronization primitives are used.

How to prevent

Use appropriate synchronization primitives. Use one of the following concepts while coding in a language that supports them-

  • Lock variables
  • Named pipes
  • Semaphores
  • Mutex variables

Implement Secure Software Development Lifecycle (SSDLC)

Secure Coding guidelines although critical form ONLY a piece of the puzzle. In order to ensure that applications are secure, security need to be bolted right from the requirements stage and should extrapolate across every other stage be it Design, Coding, Review, Testing, Release or implementation.