...
Programmers frequently create temporary files in directories that are writable by everyone; examples include /tmp and /var/tmp on POSIX and C:\TEMP on Windows. Files in such directories may be purged regularly, such as every night or during reboot. However, an attacker who has access to the local file system can exploit operations on files in shared directories when those files are created insecurely or remain accessible after use. For example, an attacker who can both predict the name of a temporary file and change or replace that file can exploit a (TOCTOU) race condition to cause a failure in creating the temporary file from within program code or to cause the program to operate on a file determined by the attacker. This exploit is particularly dangerous when the vulnerable process is running with elevated privileges because the attacker can operate on any file accessible by the vulnerable process. On multiuser systems, a user can be tricked by an attacker into unintentionally operating on his or her the user's own files. Consequently, temporary file management must comply with rule FIO00-J. Do not operate on files in shared directories.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0c3d6780d2a4fd1d-92ce9d43-44dc4866-99f9b65b-c12ccbde2f144869c9a76aad"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ef482ac00634f6fe-d4659b15-40aa4422-848087a9-847fd0bcd72205d1495bbfe5"><ac:plain-text-body><![CDATA[ | [[Darwin 2004 | AA. Bibliography#Darwin 04]] | 11.5, Creating a Transient File | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1883d9c572b02162-451bae34-4d1f4e9b-933091f2-b6dcec5bee5dfe22bee0da77"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="87f51aef77cbbe3d-1d849285-48e54a7b-b35d98b3-3e86c9567d377120126309d1"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | Bug IDs 4171239, 4405521, 4635827, 4631820 | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a232b25736a3b45d-68fa6412-498048e4-b9eca3dd-5388b21ddc1bb96b2187150b"><ac:plain-text-body><![CDATA[ | [[Secunia 2008 | AA. Bibliography#Secunia 08]] | [Secunia Advisory 20132 | http://secunia.com/advisories/20132/] | ]]></ac:plain-text-body></ac:structured-macro> |
...