sqc 0.4.13

Software Code Quality - CERT C compliance checker
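# Descriptor for CERT C rule POS35-C (POSIX section, rule 35).
# The hazard is a check-then-use gap: a path checked and found not to be a
# symbolic link can be replaced by one before it is opened. The usual
# remediation is to open the file without following links (O_NOFOLLOW where
# available) and validate the resulting descriptor with fstat(), not the path.
[metadata]
id = "POS35-C"
type = "rule"
category = "POS"
number = 35
title = "Avoid race conditions while checking for the existence of a symbolic link"
# Fixed missing spaces in the text ("theln -scommand", "ruleFIO45-C").
description = """
Many common operating systems, such as Windows and UNIX, support symbolic (soft)
links. Symbolic links can be created in UNIX using the ln -s command or in Windows
by using directory junctions in NTFS or the Linkd.exe (Win 2K resource kit) or
"junction" freeware. If not properly performed, checking for the existence of
symbolic links can lead to race conditions. This rule is a specific instance of
rule FIO45-C. Avoid TOCTOU race conditions while accessing files.
"""
# CERT risk assessment. P9 falls in the L2 band (P6-P9), so priority and level
# agree with each other.
# NOTE(review): confirm these against the wiki revision named below; CERT's
# published ratings have changed between editions.
severity = "High"
likelihood = "Likely"
priority = "P9"
level = "L2"
cert_version = "2016 Edition (Wiki)"
# Kept as a string, not a TOML date; presumably copied from the wiki page footer.
last_modified = "Oct 31, 2025"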

# Per-rule switch under rules.cert_c, keyed by the rule id.
# Presumably `enabled = true` makes the checker report POS35-C findings; confirm
# against how sqc reads this table.
[rules.cert_c.POS35-C]
enabled = true

# External references for the rule.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/POS35-C.+Avoid+race+conditions+while+checking+for+the+existence+of+a+symbolic+link"
# CWE-363 is "Race Condition Enabling Link Following", which matches this rule.
# NOTE(review): CWE-764 is "Multiple Locks of a Critical Resource", which does
# not obviously relate to symbolic-link checks; verify the mapping against the
# wiki page before relying on it for triage or reporting.
cwe = ["CWE-363", "CWE-764"]