SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 55

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 56

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Invoking remove() on an open file is implementation-defined. Removing an open file is sometimes recommended to hide the names of temporary files that may be prone to attack. (see See rule FIO43-C. Do not create temporary files in shared directories.).

In cases requiring the removal of an open file, a more strongly defined function, such as the POSIX unlink() function, should be considered. To be strictly conforming and portable, remove() should not be called on an open file.

...

Wiki Markup
This compliant solution uses the POSIX {{unlink()}} function to remove the file.  The {{unlink()}} function  is guaranteed  to unlink the file from the file system hierarchy but keep the file on disk until all open instances of the file are closed \[[Open Group 042004|AA. Bibliography#Open Group 04]\].

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO08-C

medium

probable

high

P4

L3

Automated Detection

Tool

Version

Checker

Description

Section

Compass/ROSE

...

 

 

Section

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

CERT This rule appears in the C++ Secure Coding Standard as : FIO08-CPP. Take care when calling remove() on an open file.

Bibliography

Wiki Markup\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.19.4.1, "The {{remove}} function"

Bibliography

Wiki Markup

\[[Open Group 042004|AA. Bibliography#Open Group 04]\] [{{unlink()}}|http://www.opengroup.org/onlinepubs/000095399/functions/unlink.html]

...