MaxTurnIns Bypass Race Condition #16

daknob · 2014-09-19T13:58:01Z

A bypass for the maxturnins argument on LIMITS file has been found possible under certain conditions.
More specifically, a user that has initiated a turnin that is legal in terms of quota can finalise the submission even if the course changes the maxturnins during the process of submission.
Steps to reproduce:

Run turnin assignment@course file.c as user and finalise the turn in
Run turnin assignment@course file.c as user and wait before pressing the final y.
Run echo "maxturnins 1" > ~/TURNIN/assignment/LIMITSas course.
Press y as user on the second turnin.

Abuse of this race condition is detectable through the LOGFILE and SHA256 since it marks the submission sequentially, even if it's over the maximum allowed limit.

The text was updated successfully, but these errors were encountered:

daknob · 2014-09-19T14:01:15Z

DaKnOb added dofixitlazydev label

daknob · 2014-09-19T14:02:49Z

It has been discovered that the same issue exists with maxfiles, maxkbytes and binary as well.

daknob added the bug label Sep 19, 2014

zakkak added wontfix enhancement labels Sep 19, 2014

zakkak removed the bug label Sep 19, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MaxTurnIns Bypass Race Condition #16

MaxTurnIns Bypass Race Condition #16

daknob commented Sep 19, 2014

daknob commented Sep 19, 2014

daknob commented Sep 19, 2014

MaxTurnIns Bypass Race Condition #16

MaxTurnIns Bypass Race Condition #16

Comments

daknob commented Sep 19, 2014

daknob commented Sep 19, 2014

daknob commented Sep 19, 2014