Many vulnerabilities involving files and file operations rely on a program accessing a predetermined file or directory. If the underlying file and directory structure is manipulated in a way that causes a program to access a different file than the one intended, corrupted or malicious data may be accessed by the program. This can lead to unintended program behavior. This technique is the premise for many attacks targeting UNIX symlinks and Windows shortcuts.

Once the correct file has been opened, a program is no longer vulnerable to these types of attacks so long as the file is accessed via a file descriptor. Thus, it is recommended that files be accessed through valid file handles rather than filenames.
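The following POSIX C program is an added illustration, not code from the original page. It opens a file once, validates it through the descriptor with `fstat()`, and then shows that the descriptor keeps referring to the original file after the name has been rebound to a different one. The helper names `open_regular` and `descriptor_survives_rebinding` and the temporary path are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open once, then validate through the descriptor.
 * O_NOFOLLOW rejects a symlink in the final path component. */
int open_regular(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 1 if the descriptor still reads the original file after the name
 * is rebound to a different file, 0 if not, -1 on setup error. */
int descriptor_survives_rebinding(void) {
    char dir[] = "/tmp/fdexampleXXXXXX", path[64], buf[32] = {0};
    struct stat by_fd, by_name;
    int fd, ok = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/data", dir);   /* constructed sample file */
    if (write_file(path, "original") == 0 && (fd = open_regular(path)) >= 0) {
        /* Stand-in for the directory structure changing after the open. */
        if (unlink(path) == 0 && write_file(path, "replaced") == 0 &&
            fstat(fd, &by_fd) == 0 && stat(path, &by_name) == 0 &&
            read(fd, buf, sizeof buf - 1) > 0)
            ok = strcmp(buf, "original") == 0 && by_fd.st_ino != by_name.st_ino;
        close(fd);
    }
    unlink(path);
    rmdir(dir);
    return ok;
}

int main(void) {
    return descriptor_survives_rebinding() == 1 ? 0 : 1;
}
```

A second lookup by name (`stat(path, ...)`) returns a different inode than `fstat(fd, ...)`, which is why checks and operations belong on the descriptor.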

h2. Non-compliant Example 1


h2. Compliant Solution 1
