C programs often rely on files to load and store data needed during program execution. File functions, such as open, read, write, and close are built into the C programming language to simplify how C programs interact with files. However, it is the underlying operating system that manages files. Inconsistencies may exist between how C programs and the underlying operating system handle the files and the file system. Many of these descrepencies can lead to security vulnerabilities.
The following rules and recommendations are suggested to reduce the common errors associated with file operations in C. These guidelines are designed to by system independent. However, files and file management are inherently tied to the underlying operating system. Cases where security issues or recomendations are specific to an architecture are clearly marked as pertaining to that architecture.
Recommendations
FIO01-A. Use file descriptors instead of filenames
FIO02-A. Translate file names supplied from untrusted sources into canonical form
FIO03-A. Use atomic file operations
Rules
FIO31-C. Check a file's properties before operating on that file
FIO32-C. Detect and handle file operation errors
FIO33-C. Do not create temporary files with predictable names
FIO34-C. Do not make assumptions about directory structure
FIO35-C. Ensure a file does not exist before attempting to create it