C programs often rely on files to retreive and store data needed during program execution. File functions, such as open, read, write, and close are built into the C programming language to simplify how C programs interact with files. However, it is the underlying operating system that manages files. Inconsistencies may exist between how C programs and the underlying operating system handle the files and the file system. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are suggested to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management are inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO01-A. Access files through file descriptors versus file names
FIO02-A. Canonicalize un-trusted file names
FIO03-A. Disallow directory characters in un-trusted file names
Rules
FIO31-C. Detect and handle file operation errors
FIO32-A. Verify un-trusted file names
FIO33-C. Protect file names