C programs often rely on files to load and store data needed during program execution. File functions, such as open, read, write, and close are built into the C programming language to simplify how C programs interact with files. However, it is the underlying operating system that manages files. Inconsistencies may exist between how C programs and the underlying operating system handle the files and the file system. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are suggested to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management are inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO001 Use file descriptors instead of filenames
FIO002 Translate filenames into canonical form
FIO003 Create temporary files in restricted directories
Rules
FIO30 Check file properties in a secure manor
FIO31 Detect and handle file operation errors
FIO032 Do not create temporary files with predictable names
FIO033 Verify path and filename parameters
FIO034 Do not make assumptions about the directory structure