Programmer's Ultimate Security DeskRef

Prototype: int chdir (const char *Path)
Summary: This function changes the current directory.
Description: The function changes the directory to which the current path points. The function only takes in the path to the new directory. The function returns a zero upon successful completion. In the event of an error, the function returns a -1 and sets the variable errno to the appropriate value.
Risk: Directory information is sought after by attackers to ascertain underlying operating system, configuration, and application-layer information. Human options should be limited to only include the desired directories via the appropriate access controls.
Additional Resources: http://nscp.upenn.edu/aix4.3html/libs/basetrf1/chdir.htm
Impact: High
Cross References: chroot
Prototype: int creat (const char *filename, mode_t mode)
Summary: This function is used to open a file.
Description: This function is used to open a file for processing, whether that be reading and/or writing. The function takes two inputs: the first being the filename and the second being the mode in which to open the file. The function returns a 0 if it is successful, and a -1 if not. In the event of an unsuccessful attempt to open the file, the variable errno will be set appropriately.
Risk: The creat function is susceptible to race condition attacks thereby it is mandatory that you undertake the proper precautions when implementing this function. Ensure that only a single instance of this function can execute at any given time. Additionally, ensure the data for the filename is properly parsed...