Page History

...

Performing operations on files in shared directories can result in DoS attacks. If the program has elevated privileges, privilege escalation exploits are possible.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO01-PL	Medium	Unlikely	Medium	P4	L3

Automated Detection

Tool

Version

Checker

Description

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

PERL_S33

Fully implemented

Related Guidelines

SEI CERT C Coding Standard	FIO15-C. Ensure that file operations are performed in a secure directory
SEI CERT C++ Coding Standard	VOID FIO15-CPP. Ensure that file operations are performed in a secure directory
CERT Oracle Secure Coding Standard for Java	FIO00-J. Do not operate on files in shared directories

Bibliography

[CPAN]	POSIX
[Garfinkel 1996]	Section 5.6, "Device files"
[Howard 2002]	Chapter 11, "Canonical Representation Issues"
[Open Group 08]


[VU#570952]	Redhat Linux diskcheck.pl creates predictable temporary file and fails to check for existing symbolic link of same name
[Wall 2011]	perlfunc

...

Space shortcuts

Page tree

Versions Compared

Old Version 23

New Version Current

Key

Automated Detection

Related Guidelines

Bibliography