...
Programs with elevated privileges may need to write files to directories owned by unprivileged users. One example would be a mail daemon that reads a mail message from one user, and places it in a directory owned by another user. In such cases, the proper course of action is to assume the privileges of a user when reading or writing files on behalf of that user, in which case all file access should occur in secure directories relative to that user. If a program with elevated privileges must write files on it's own behalf, then these files should be in secure directories relative to the privileges of the program (such as directories accessible only by the superuser).
Exceptions
FIO04FIO00-EX0: Programs that operate on single user systems, or on systems where there are no shared directories or no possibility of file system vulnerabilities, do not need to ensure that files are maintained in secure directories before operating on them.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO04 FIO00-J | medium | unlikely | medium | P4 | L3 |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="17c820b9d17e794e-14a10968-4ca24e14-874f85c4-198f6f70fb0bc20881a58364"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | Class File, methods | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c9c1e6039681869b-dd0c4309-4e40432c-a2e59ace-5bff0f811e1029e01189d07d"><ac:plain-text-body><![CDATA[ | [[CVE 2008 | AA. Bibliography#CVE 08]] | [CVE-2008-5354 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2f73b9e845cc25ab-cfa6f7cc-4a3949ba-9a37b40d-17a40defb9d07ab227d32182"><ac:plain-text-body><![CDATA[ | [[Darwin 2004 | AA. Bibliography#Darwin 04]] | 11.5 Creating a Transient File | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="79d47c9316c7e227-9059c5fb-46ca4bf3-98bbb6d7-1ef1fa9b88b0e4231e1f0c3f"><ac:plain-text-body><![CDATA[ | [[Garfinkel 1996 | AA. Bibliography#Garfinkel 96]] | Section 5.6, "Device Files" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b700aba49f898368-8e2b9442-46af4070-bc59ac27-afa0cd9ccdc8d4f2dc4911e9"><ac:plain-text-body><![CDATA[ | [[Howard 2002 | AA. Bibliography#Howard 02]] | Chapter 11, "Canonical Representation Issues" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bf969b8c91368bd1-f6828519-425c442a-97baba6a-ac3eacc780f3ee1745ac4e98"><ac:plain-text-body><![CDATA[ | [[J2SE 2011 | AA. Bibliography#J2SE 11]] | The try-with-resources Statement | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="275c207e1db86fc5-9306963f-46dd4f22-8c63a86f-e3a613d6c6237d6eeaacfff1"><ac:plain-text-body><![CDATA[ | [[Open Group 2004 | AA. Bibliography#Open Group 04]] | [ | http://www.opengroup.org/onlinepubs/009695399/functions/open.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bcb38011653b826b-d3f74182-470d4c35-91e2a88d-8fa46aeb1868f04f9b788e0b"><ac:plain-text-body><![CDATA[ | [[SDN 2008 | AA. Bibliography#SDN 08]] | Bug IDs: 4171239, 4405521, 4635827, 4631820 | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00e3f886f72fe5b0-63eb8d6a-413d447a-93f9b023-6f2735334668ea632bc6de65"><ac:plain-text-body><![CDATA[ | [[Secunia 2008 | AA. Bibliography#Secunia 08]] | [Secunia Advisory 20132 | http://secunia.com/advisories/20132/] | ]]></ac:plain-text-body></ac:structured-macro> |
...