A
race condition (TOCTOU — Time of Check/Time of Use) exploits a timing gap between checking permissions and using a resource — allowing unauthorized actions during that window.
TOCTOU: check file permissions (OK), attacker swaps file, use file (unauthorized file used). Common in Unix setuid programs. Fix: atomic operations, use file handles not names after permission checks.