| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
Information for Editors |
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO30-C | High | Likely | Yes | No | P18 | L1 |
| FIO32-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO34-C | High | Probable | Yes | Yes | P18 | L1 |
| FIO37-C | High | Probable | Yes | Yes | P18 | L1 |
| FIO38-C | Low | Probable | Yes | No | P4 | L3 |
| FIO39-C | Low | Likely | Yes | No | P6 | L2 |
| FIO40-C | Low | Probable | Yes | Yes | P6 | L2 |
| FIO41-C | Low | Unlikely | Yes | Yes | P3 | L3 |
| FIO42-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO44-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO45-C | High | Probable | No | No | P6 | L2 |
| FIO46-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO47-C | High | Unlikely | Yes | No | P6 | L2 |
Related Rules and Recommendations
| Navigation Map | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
C programs often rely on files to retreive and store data needed during program execution. File functions, such as open, read, write, and close are built into the C programming language to simplify how C programs interact with files. However, it is the underlying operating system that manages files. Inconsistencies may exist between how C programs and the underlying operating system handle the files and the file system. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are suggested to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management are inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO01-A. Access files through file descriptors versus file names
FIO02-A. Canonicalize file names