Race Condition

Code

Source code of a C program that calls a syscall to switch two files, useful when exploiting race conditions.

rename.c

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
#define _GNU_SOURCE
#include <stdio.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/fs.h>

// source https://github.com/sroettger/35c3ctf_chals/blob/master/logrotate/exploit/rename.c
int main(int argc, char *argv[]) {
  while (1) {
    syscall(SYS_renameat2, AT_FDCWD, argv[1], AT_FDCWD, argv[2], RENAME_EXCHANGE);
  }
  return 0;
}

// gcc rename.c -o rename && chmod +x rename
// ./rename <FILE1> <FILE2>

Resources

Videos

File Path Race Condition & How To Prevent It - bin 0x31 - YouTube
Race Condition Trick /proc/self/fd - YouTube

GitHub

Safely Creating And Using Temporary Files
File Path Race Condition · GitHub
Race Conditions with -exec

Last updated on May 12, 2026