
Many vulnerabilities involving files and file operations rely on a program accessing a predetermined file or directory. If the underlying file and directory structure is manipulated in a way that causes a program to access a different file than the one intended, corrupted or malicious data may be accessed, leading to unintended program behavior. This technique is the premise for many attacks targeting UNIX symlinks and Windows shortcuts.

Once the correct file has been opened, a program is no longer vulnerable to these types of attacks so long as the file is accessed via a file descriptor. Thus, it is recommended that files be accessed through valid file handles rather than filenames.
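The following POSIX C sketch is an added illustration, not code from the original page. It opens a file once, checks and changes it only through the descriptor (`fstat`, `fchmod`), and then shows that the descriptor stays bound to the original file after the name is re-pointed elsewhere. The function names, the `/tmp/fio_demo_*` directory and the file names `data`, `other` and `moved` are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the file once, then validate and modify it only via the descriptor. */
int open_and_restrict(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* fail if path is a symlink */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

static int make_file(const char *path) {          /* empty file, mode 0644 */
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0644);
    int rc = fd < 0 ? -1 : fchmod(fd, 0644);      /* independent of umask */
    if (fd >= 0) close(fd);
    return rc;
}

/* Constructed scenario: returns 0 when the descriptor still refers to the
 * original file after the name "data" has been re-pointed at "other". */
int fd_survives_name_swap(void) {
    char dir[] = "/tmp/fio_demo_XXXXXX", data[64], other[64], moved[64];
    struct stat by_fd, by_name, oth;
    int rc = -1, fd = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(data, sizeof data, "%s/data", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(moved, sizeof moved, "%s/moved", dir);
    if (make_file(data) == 0 && make_file(other) == 0 &&
        (fd = open_and_restrict(data)) >= 0 &&
        rename(data, moved) == 0 && symlink(other, data) == 0 &&  /* name swap */
        fstat(fd, &by_fd) == 0 && stat(data, &by_name) == 0 && stat(other, &oth) == 0)
        rc = !(by_fd.st_ino != by_name.st_ino && by_name.st_ino == oth.st_ino &&
               (by_fd.st_mode & 0777) == 0600 && (oth.st_mode & 0777) == 0644);
    if (fd >= 0) close(fd);
    unlink(data); unlink(moved); unlink(other); rmdir(dir);
    return rc;
}

int main(void) {
    return fd_survives_name_swap();
}
```

A second `stat(data, ...)` or `chmod(data, ...)` by name after the swap would have acted on `other`; the descriptor-based calls could not be redirected.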

h2. Non-compliant Example 1


h2. Compliant Solution 1

