cybersecurity · intermediate · ~15 min

Is the file-access approach TOCTOU-safe?

Recognise the TOCTOU-safe pattern.

Challenge

Implement int toctou_safe(const char *approach) returning 1 for "open-then-fstat" and "use-fd" (operate on the open descriptor) and 0 for "stat-then-open" (the classic check-then-use race).

Starter code

#include <string.h>

int toctou_safe(const char *approach) {
    /* TODO */
    return 0;
}

Solve this exercise in the browser editor — compile and run against the test harness, no setup required.