Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Many file-related security vulnerabilities result from a program accessing an unintended file object because file names are only loosely bound to underlying file objects. File names provide no information regarding the nature of the file object itself. Furthermore, the binding of a file name to a file object is reasserted every time the file name is used in an operation.

Files Identifying that the file being opened is the right one can be difficult; see Intro-FIO51-JG. Be careful using methods that use file names for identification for more details. Files can often be identified by other attributes in addition to the file name, for example, by comparing file creation time or modification times. Information about a file that has been created and closed can be stored and then used to validate the identity of the file when it is reopened.

...