C programs often rely on files to retrieve and store data needed during program execution. File functions, such as open, read, write, and close, are built into the C programming language to simplify how C programs interact with files. However, it is the underlying operating system that manages files and file access. Inconsistencies may exist between how C programs and the underlying operating system handle the files and the file system. Many of these discrepancies can lead to security vulnerabilities.
The following rules and recommendations are intended to reduce the common errors associated with file operations in C. These guidelines are not written for a specific system; however, files and file management are inherently tied to the underlying operating system. Cases or examples where a security issue or recommendation is specific to an architecture are clearly marked as pertaining to that architecture.
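As an added example (not code from the CERT standard itself), the POSIX program below shows the defensive pattern that several of the rules listed on this page share: open the file, then make every decision about it on the returned descriptor (FIO01-A) rather than on the name, check the result of each call (FIO31-C), and verify that the object is the kind of file expected before using it (FIO33-C). The helper names, the constructed temporary-file contents and the use of O_NOFOLLOW and fstat are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only and verify, on the descriptor rather than the name,
 * that it refers to a regular file. Returns a descriptor or -1 with errno set.
 * Hypothetical helper written for this example. */
int open_regular_file(const char *path)
{
    int flags = O_RDONLY | O_CLOEXEC;
#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;    /* refuse a symbolic link in the final component */
#endif
    int fd = open(path, flags);
    if (fd == -1)
        return -1;          /* FIO31-C: report the failure, do not ignore it */

    struct stat st;
    if (fstat(fd, &st) == -1) {          /* FIO01-A: inspect the open object */
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {          /* FIO33-C: not the object type expected */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Read up to cap-1 bytes of a validated regular file into buf (NUL-terminated).
 * Returns the byte count or -1 with errno set. */
ssize_t read_regular_file(const char *path, char *buf, size_t cap)
{
    int fd = open_regular_file(path);
    if (fd == -1)
        return -1;
    ssize_t total = 0;
    while ((size_t)total < cap - 1) {
        ssize_t n = read(fd, buf + total, cap - 1 - (size_t)total);
        if (n == -1) {
            if (errno == EINTR)
                continue;                /* interrupted: retry the read */
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (n == 0)
            break;                       /* end of file */
        total += n;
    }
    buf[total] = '\0';
    close(fd);
    return total;
}

/* Create a temporary file holding constructed sample content and read it back
 * through the descriptor-based path. Returns the byte count read, or -1. */
ssize_t demo_regular_file_roundtrip(void)
{
    char path[] = "/tmp/fio-example-XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    if (fd == -1)
        return -1;
    const char *content = "hello";
    if (write(fd, content, strlen(content)) != (ssize_t)strlen(content)) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);
    char buf[64];
    ssize_t n = read_regular_file(path, buf, sizeof buf);
    unlink(path);
    return n;                            /* 5 bytes for "hello" */
}

/* Opening a directory must be rejected by the S_ISREG check: returns 1 if so. */
int demo_directory_rejected(void)
{
    char buf[8];
    return read_regular_file(".", buf, sizeof buf) == -1 ? 1 : 0;
}

int main(void)
{
    printf("regular file: %zd bytes read\n", demo_regular_file_roundtrip());
    printf("directory rejected: %s\n", demo_directory_rejected() ? "yes" : "no");
    return 0;
}
```

The point of checking with fstat on the descriptor instead of stat on the name is that the object checked is guaranteed to be the object later read; a name can be re-pointed between two calls, a descriptor cannot.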
Recommendations
FIO01-A. Access files through file descriptors versus file names
FIO02-A. Canonicalize file names originating from untrusted sources
FIO03-A. Do not allow directory characters in file names originating from untrusted sources
Rules
FIO31-C. Detect and handle file operation errors
FIO32-A. Verify file names supplied from untrusted sources
FIO33-C. Do not make assumptions about the nature of underlying file objects