...
File links can create security issues for programs that fail to consider the possibility that the file being opened may actually be a link to a different file. This is especially dangerous when the vulnerable program is running with elevated privileges.
Frequently, there is no need to check for the existence of symbolic links as this problem can be solved using other techniques. When opening an existing file, for example, the simplest solution is often to drop privileges to the privileges of the user. This solution permits the use of links while preventing access to files for which the user of the application is not privileged.
| Wiki Markup |
|---|
When creating new files, it may be possible to use functions which only create a new file where a file does not already exist. This prevents the application from overwriting an existing file during file creation (see \[[FIO03-A. Do not make assumptions about fopen() and file creation]]). |
In rare cases, it is necessary to check for the existence of symbolic or hard links to To ensure that a program is reading from an intended file and not a different file in another directory, it is necessary to check . In these cases, avoid creating a race condition when checking for the existence of symbolic or hard links.
Non-Compliant Code Example
...