Tags: race-condition pwn
Rating: 3.0
# CRLD (Pwn 500 pts)
## Short Version
Your classic file access race condition.
1) In one process create a file with whatever contents, link the same filename to the flag file then delete the link, continue loop
2) In a separate thread try to read the file in a loop
3) Run until the flag prints out
The idea here is we will trick the program into calling read inbetween the create file and link call, then after the check to make sure we are not accessing the flag file, link will be called from a separate thread just as we open the file and it will write out the contents of the flag file before delete is called.
## Longer Version
[https://github.com/mrchisel14/CTFs/tree/master/2018/EVLZCTF2018/CRLD](https://github.com/mrchisel14/CTFs/tree/master/2018/EVLZCTF2018/CRLD)