Skip to main content
GitHub

POSIX (POS)

This appendix contains guidelines for functions that are defined as part of the POSIX family of standards but are not included in the C Standard. These rules and recommendations are not part of the core standard because they do not apply in all C language applications and because they represent an incomplete set. The intent of providing these guidelines is to demonstrate how rules and recommendations for other standards or specific implementations may be integrated with the core C recommendations.

Risk Assessment Summary

RuleSeverityLikelihoodDetectableRepairablePriorityLevel
POS30-CHighProbableYesYesP18L1
POS34-CHighUnlikelyYesNoP6L2
POS35-CHighLikelyNoNoP9L2
POS36-CHighProbableYesYesP18L1
POS37-CHighProbableYesYesP18L1
POS38-CMediumUnlikelyNoNoP2L3
POS39-CMediumLikelyYesNoP12L1
POS44-CLowProbableNoNoP2L3
POS47-CMediumProbableNoNoP4L3
POS48-CMediumProbableNoNoP4L3
POS49-CMediumProbableNoNoP4L3
POS50-CMediumProbableNoNoP4L3
POS51-CLowProbableNoNoP2L3
POS52-CLowProbableNoNoP2L3
POS53-CMediumProbableYesNoP8L2
POS54-CHighLikelyYesYesP27L1
CON04-C. Join or detach threads even if their exit status is unimportant
ENV03-C. Sanitize the environment when invoking external programs
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV33-C. Do not call system()
ERR32-C. Do not rely on indeterminate values of errno
FIO01-C. Be careful using functions that use file names for identification
FIO02-C. Canonicalize path names originating from tainted sources
FIO05-C. Identify files using multiple file attributes
FIO08-C. Take care when calling remove() on an open file
FIO22-C. Close files before spawning processes
FIO30-C. Exclude user input from format strings
FIO32-C. Do not perform operations on devices that are only appropriate for files
POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks
POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
POS54-C. Detect and handle POSIX library errors
SIG00-C. Mask signals handled by noninterruptible signal handlers
SIG01-C. Understand implementation-specific details regarding signal handler persistence
SIG02-C. Avoid using signals to implement normal functionality