# Catalogue record for SEI CERT C guideline FIO21-C.
[metadata]
# The id is the category code, the two-digit number and the "-C" language suffix.
id = "FIO21-C"
# Entry kind as recorded by the source ("recommendation").
type = "recommendation"
# FIO is the CERT C Input/Output section.
category = "FIO"
number = 21
title = "Do not create temporary files in shared directories"
description = """
Programmers frequently create temporary files in directories that are writable
by everyone (examples are /tmp and /var/tmp on UNIX and %TEMP% on Windows) and
may be purged regularly (for example, every night or during reboot). Temporary
files are commonly used as auxiliary storage for data that does not need to, or
otherwise cannot, reside in memory, and also as a means of communicating with
other processes by transferring data through the file system. For example, one
process will create a temporary file in a shared directory with a well-known
name or a temporary name that is communicated to collaborating processes. The
file can then be used to share information among these collaborating processes.
This practice is dangerous because a well-known file in a shared directory can
be easily hijacked or manipulated by an attacker. Mitigation strategies include
the following:
"""
# NOTE(review): the description above ends with "... include the following:" but
# the list of mitigation strategies is not carried in this record; consult the
# wiki URL under [references] for the full text before relying on this entry.

# Risk-assessment fields for the guideline, stored as plain strings.
severity = "Medium"
likelihood = "Probable"
# Priority and level are recorded as given by the source; how they are derived
# from the other fields is not shown in this file.
priority = "P4"
level = "L3"
# Edition label for the standard this record was taken from.
cert_version = "2016 Edition (Wiki)"
# Free-form date string, not a native TOML date; consumers must parse it themselves.
last_modified = "Aug 29, 2025"
# Per-rule switch for FIO21-C under the cert_c rule set.
# NOTE(review): presumably read by the consuming checker to turn this guideline
# on or off; confirm against the tool that loads this file.
[rules.cert_c.FIO21-C]
enabled = true
# External references for the guideline.
[references]
# SEI CERT C wiki page for FIO21-C (authoritative text, including the mitigation list).
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/FIO21-C.+Do+not+create+temporary+files+in+shared+directories"
# CWE-379: Creation of Temporary File in Directory with Insecure Permissions.
cwe = ["CWE-379"]