C programs often rely on file to load or store data needed during program execution. File operationsfunctions, such as open, read, write, and close are built into the C programming language itself to simplify how C programs manipulate interact with files and file data. However, By definition, the underlying operating system is responsible for managing access to files. This creates irregularities and inconsistencies between C programs and the underlying file system have long been a source of vulnerabilities. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are designed to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management is inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO001 Use file descriptors instead of filenames
...