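1. Concept
A race condition occurs when multiple processes or threads access a shared resource and the order in which they execute cannot be determined, which leads to unexpected results. On Linux systems, race conditions can create unsafe situations such as concurrent reads and writes of a file, or access-control problems when requests race each other.
Project: phith0n/race-condition-playground: Playground for Race Condition attack (github.com)
To prevent race condition vulnerabilities, the following measures can be used: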
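- Use synchronization mechanisms: wherever shared resources are involved, use synchronization mechanisms such as locks, semaphores and mutexes correctly. They prevent multiple threads or processes from accessing or modifying a shared resource at the same time, which avoids the race condition.
- Atomic operations: use atomic operations so that access to a shared resource by multiple threads or processes is atomic, that is, a single operation that cannot be interrupted. An atomic operation can complete within a single instruction cycle, which prevents concurrency problems.
- Critical section protection: restrict access to the shared resource to a critical section, so that only one thread or process can access the resource and the others must wait. Critical section protection keeps the resource consistent and safe.
- Mutex: use a mutual-exclusion lock (mutex) to enforce exclusive access to the shared resource. While one thread or process holds the mutex, the others must wait until the lock is released.
- Condition variables: use a condition variable to prevent invalid waits and wake-ups, so that threads wait and are woken at the right time.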
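The mutex and critical-section measures above, shown on a balance check followed by a debit. This is an added example, not code from the race-condition-playground project; Account, withdraw_unsafe, withdraw_locked and run_concurrent are hypothetical names, and the in-memory account is a constructed stand-in for a database row holding a user's money.

```python
import threading

class Account:
    """In-memory stand-in for a user row with a money column (constructed)."""
    def __init__(self, money):
        self.money = money
        self.lock = threading.Lock()
        self.withdraw_log = []  # amounts actually paid out

def withdraw_unsafe(account, amount, window):
    # Check-then-act with no synchronization: the balance can change
    # between the check and the update.
    balance = account.money            # read
    if balance < amount:               # check
        return False
    window()                           # other requests can run here
    account.money = balance - amount   # write based on a stale read
    account.withdraw_log.append(amount)
    return True

def withdraw_locked(account, amount, window):
    # Same logic, but read, check and write form one critical section.
    with account.lock:
        return withdraw_unsafe(account, amount, window)

def run_concurrent(withdraw, start_money=100, amount=100, workers=2):
    """Run simultaneous withdrawals; return (final balance, total paid out)."""
    account = Account(start_money)
    barrier = threading.Barrier(workers)

    def window():
        # Hold each request inside the race window until all have passed
        # the check, or give up after 1 s if the others never arrive.
        try:
            barrier.wait(timeout=1.0)
        except threading.BrokenBarrierError:
            pass

    threads = [threading.Thread(target=withdraw, args=(account, amount, window))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.money, sum(account.withdraw_log)

if __name__ == "__main__":
    print("unsafe:", run_concurrent(withdraw_unsafe))
    print("locked:", run_concurrent(withdraw_locked))
```

The locked run takes about one second because the second request never enters the window and the barrier times out. In a Django view backed by PostgreSQL, the equivalent critical section is a row lock taken with select_for_update() inside transaction.atomic().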
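2. Setting up the project environment
1. Configure dependencies
The dependencies this project needs are listed in requirements.txt. Opening the project in PyCharm, which can install them in one step, is recommended.
Or open CMD in the project directory and install them with pip: pip install -r (the path to the requirements file on your machine)
Once all dependencies are installed, on to the main part.
2. Install cookiecutter, a tool for generating project templates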
pip install "cookiecutter>=1.7.0"
3. Run it and choose the options (according to your own needs)
cookiecutter https://github.com/cookiecutter/cookiecutter-django
project_name [My Awesome Project]: demo_to_race
project_slug [demo_to_race]:
description [Behold My Awesome Project!]: race
author_name [Daniel Roy Greenfeld]: li
domain_name [example.com]:
email [li@example.com]:
version [0.1.0]:
Select open_source_license:
1 - MIT
2 - BSD
3 - GPLv3
4 - Apache Software License 2.0
5 - Not open source
Choose from 1, 2, 3, 4, 5 [1]:
Select username_type:
1 - username
2 - email
Choose from 1, 2 [1]:
timezone [UTC]: Asia/Shanghai
windows [n]:
Select editor:
1 - None
2 - PyCharm
3 - VS Code
Choose from 1, 2, 3 [1]:
use_docker [n]:
Select postgresql_version:
1 - 15
2 - 14
3 - 13
4 - 12
5 - 11
6 - 10
Choose from 1, 2, 3, 4, 5, 6 [1]:
Select cloud_provider:
1 - AWS
2 - GCP
3 - Azure
4 - None
Choose from 1, 2, 3, 4 [1]: 4
Select mail_service:
1 - Mailgun
2 - Amazon SES
3 - Mailjet
4 - Mandrill
5 - Postmark
6 - Sendgrid
7 - SendinBlue
8 - SparkPost
9 - Other SMTP
Choose from 1, 2, 3, 4, 5, 6, 7, 8, 9 [1]: 9
use_async [n]:
use_drf [n]:
Select frontend_pipeline:
1 - None
2 - Django Compressor
3 - Gulp
4 - Webpack
Choose from 1, 2, 3, 4 [1]:
use_celery [n]:
use_mailhog [n]:
use_sentry [n]:
use_whitenoise [n]: y
use_heroku [n]:
Select ci_tool:
1 - None
2 - Travis
3 - Gitlab
4 - Github
5 - Drone
Choose from 1, 2, 3, 4, 5 [1]:
keep_local_envs_in_vcs [y]:
debug [n]: y
[INFO]: .env(s) are only utilized when Docker Compose and/or Heroku support is enabled so keeping them does not make sense given your current setup.
[WARNING]: You chose to not use any cloud providers nor Docker, media files won't be served in production.
[SUCCESS]: Project initialized, keep up the good work!
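4. Create the database
If you have forgotten the password:
1. sudo -u postgres psql
2. ALTER USER postgres WITH PASSWORD 'new_password';
The first command opens the PostgreSQL command-line terminal as the "postgres" user. Replace "new_password" with the new password you want to set.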
createdb --username=postgres demo_to_race
5. Create the database tables and a user, then start the server
python3 manage.py migrate
python3 manage.py createsuperuser
python3 manage.py runserver 0.0.0.0:8080
li@li-virtual:~/Desktop/race-condition-playground-main$ python3 manage.py migrate
Operations to perform:
Apply all migrations: admin, auth, contenttypes, sessions, ucenter
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying auth.0009_alter_user_last_name_max_length... OK
Applying auth.0010_alter_group_name_max_length... OK
Applying auth.0011_update_proxy_permissions... OK
Applying auth.0012_alter_user_first_name_max_length... OK
Applying ucenter.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying admin.0003_logentry_add_action_flag_choices... OK
Applying sessions.0001_initial... OK
Applying ucenter.0002_product_user_money_alter_user_id... OK
Applying ucenter.0003_withdrawlog... OK
li@li-virtual:~/Desktop/race-condition-playground-main$ python3 manage.py createsuperuser
Email: Libowen2002@outlook.com
Username: li
Password:
Password (again):
Superuser created successfully.
li@li-virtual:~/Desktop/race-condition-playground-main$ python3 manage.py runserver 0.0.0.0:8080
Performing system checks...
System check identified no issues (0 silenced).
August 05, 2023 - 14:37:39
Django version 4.2.4, using settings 'race_condition_playground.settings'
Starting development server at http://0.0.0.0:8080/
Quit the server with CONTROL-C.