Everything to do with: Race Condition Vulnerability (Part 1)

Nikhil Anand
Apr 20, 2024

To understand race conditions, you need an understanding of “Concurrency”, “Multiprocessing”, “Multithreading” and “Scheduling”.

Concurrency means executing different parts of a program simultaneously without affecting the final outcome.

Concurrency has 2 parts:

i) Multiprocessing: uses multiple CPUs to execute the work.

ii) Multithreading: uses the same CPU to execute multiple pieces of work.

Scheduling is the arrangement of all the threads to be executed in sequence.

Now let’s take a simple example.

Here I am scheduling a process, i.e., Stage to Stage 7.

It is working on two threads i.e., Thread 1 & Thread 2.

Without Race Condition

The final value is 2, as expected in the case shown above. However, if the two threads run simultaneously without locking or synchronization (via semaphores), the outcome of the operation could be wrong.

With Race Condition

In this scenario, the final result is 1 instead of the expected 2. This discrepancy arises because the increment operations are not mutually exclusive.

To summarize, race conditions occur when the outcome of one thread’s execution depends on another thread’s outcome, and when multiple threads operate on the same resources without considering that other threads may also be using those resources. When these threads are executed simultaneously, unexpected outcomes can occur.

When a Race Condition Becomes a Vulnerability

Now when this Race Condition becomes vulnerability, when it harms and impacts the

Without Race Condition

You end up with the correct amount of money in the end: a total of $500 in your two bank accounts. But what if you can send the two requests simultaneously?

With Race Condition

Observe that, in this scenario, you end up with more money than you started with. Instead of having $500 in your accounts, you now own a total of $1,000. You made an additional $500 by exploiting a race condition vulnerability!!!

Remediation

  1. Locks: Implement locks to ensure that only one process can access the critical section at a time.
  2. Semaphores: Semaphores are variables used to coordinate the activities of multiple processes in a computer system. They are used to enforce mutual exclusion, avoid race conditions, and implement synchronization between processes.
  3. Atomic operations: Atomic operations in an operating system are operations that execute without interruption by any other process during their execution.
  4. Thread-Safe Libraries: Opt for thread-safe libraries that manage synchronization internally, reducing the chances of race conditions.
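
The bank-transfer race described above and the lock remediation, side by side. This is an added example, not code from the original post. The `Bank` class, the account names `A` and `B`, the starting balances ($500 and $0) and the two $500 transfers are assumptions chosen to match the totals in the text, and a barrier is used to force the bad interleaving so the result is repeatable.

```python
import threading

class Bank:
    def __init__(self, window):
        self.balances = {"A": 500, "B": 0}  # constructed sample accounts
        self._row = threading.Lock()   # one write is atomic, like a single UPDATE
        self._txn = threading.Lock()   # serializes check + write in the fixed path
        self._window = window          # hook that runs between check and write

    def transfer_vulnerable(self, src, dst, amount):
        seen = self.balances[src]      # check: read the balance...
        if seen < amount:
            return False
        self._window()                 # ...race window: balance may change here...
        with self._row:                # ...act: write using the stale value
            self.balances[src] = seen - amount
            self.balances[dst] += amount
        return True

    def transfer_locked(self, src, dst, amount):
        with self._txn:                # check and write form one critical section
            return self.transfer_vulnerable(src, dst, amount)

def run_two_requests(locked):
    """Send two simultaneous $500 transfers A -> B; return (balances, results)."""
    barrier = threading.Barrier(2)

    def window():
        # Force the bad interleaving: wait until both requests passed the check.
        # Under the lock the second request never arrives, so the wait times out.
        try:
            barrier.wait(timeout=1.0)
        except threading.BrokenBarrierError:
            pass

    bank = Bank(window)
    transfer = bank.transfer_locked if locked else bank.transfer_vulnerable
    results = []
    threads = [threading.Thread(target=lambda: results.append(transfer("A", "B", 500)))
               for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return bank.balances, sorted(results)

if __name__ == "__main__":
    print("no lock:", run_two_requests(locked=False))
    print("locked: ", run_two_requests(locked=True))
```

Without the lock both requests succeed and the accounts total $1,000; with the lock the second request sees the updated balance and is rejected, leaving the total at $500.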
