| Wiki Markup |
|---|
Invoking {{remove()}} on an open file is [implementation-defined|BB. Definitions#implementation-defined behavior]. Removing an open file is sometimes recommended to hide the names of temporary files that may be prone to attack (see \[[TMP30-C. Temporary files must be created with unique and unpredictable file names]\]). |
In cases when requiring the removal of an open file needs to be removed, a more strongly defined function, such as the POSIX unlink() function, should be considered. To be strictly conforming and portable, remove() should not be called on an open file.
...
Code compiled using Microsoft Visual Studio C++ 2005 and run on Microsoft Windows XP , prevents the remove() call from succeeding when the file is open, meaning that the file link will remain after execution completes.
...
Calling remove() on an open file has different implications for different implementations and may cause abnormal termination if the removed file is written to or read from, or may result in unintended information disclosure from files not deleting a file deleted as intended.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO08-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3 |
...