C programs often rely on file to load or store data needed during program execution. File functions, such as open, read, write, and close are built into the C programming language itself to simplify how C programs interact with files and file data. By definition, the underlying operating system is responsible for managing access to files. This creates irregularities and inconsistencies between C programs and the underlying file system. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are designed to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management is inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO001 Use file descriptors instead of filenames
FIO002 Translate filenames into canonical form before use
FIO003 Create temporary files in restricted directories
Rules
FIO30 Check file properties securely
FIO31 Detect and handle file operation errors
FIO032 Do not create tempory files with predictable names
FIO033 Verify path and filename parameters
FIO034 Do not make assumptions about the structure of the underlying filesystem