...
The security of I/O operations is dependent on the versions of the C library, the operating system, and the file system. Older libraries are generally more susceptible to security flaws than newer library versions. Different operating systems have different capabilities and mechanisms for managing file priviledgesprivileges. There are numerous different file systems, including: File Allocation Table (FAT), FAT32, New Technology File System (NTFS), NetWare File System (NWFS), and the Unix File System (UFS). There are also many distributed file systems including: Andrew File System (AFS), Distributed File System (DFS), Microsoft DFS, and Network File System (NFS). These filesystems vary in their capabilities and priviliege privilege mechanisms.
As a starting point, the I/O topic area describes the use of C99 standard functions. However, because these functions have been generalized to support multiple disparate operating and file systems, they cannot generally be used in a secure fashion. As a result, most of the rules and recommendations in this topic area recommend approaches that are specific to the operating system and file systems in use. Because of the imposed combinatorics, we are have not been able to provide inherent complexity, there may not exist compliant solutions for all operating sysetm system and file system combintationscombinations. HoweverTherefore, you should evaluate the applicability of the rules for the target operating system/file system combinations supported by your applicationshould be considered.
Recommendations
FIO01-A. Prefer functions that do not rely on file names for identification
...