The Google C++ style guide section "Other C++ features" contains the following:
In addition to what's described in the rest of the style guide, the following C++ features may not be used:
- Compile-time rational numbers (<ratio>), because of concerns that it's tied to a more template-heavy interface style.
- The <cfenv> and <fenv.h> headers, because many compilers do not support those features reliably.
- The <filesystem> header, which does not have sufficient support for testing, and suffers from inherent security vulnerabilities.
(emphasis mine)
I am aware that the Google C++ style guide can be somewhat controversial, and there are points I disagree with. Nevertheless I am curious to know what the inherent security vulnerabilities present in the <filesystem> header are that this refers to, that would not be present when using some other means of accessing the file system (e.g. OS-specific API calls).
It’s just that <filesystem> wraps system calls like rename rather than renameat and so doesn’t allow resolving a filename without being subject to symlink attacks. This of course doesn’t affect all use cases, but it is a legitimate concern; perhaps a future C++ version will include a descriptor-based interface.
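The difference described in the answer above, as an added example that is not part of the original post: a path-based rename re-resolves the directory at call time, while renameat on a directory descriptor opened earlier stays in the directory that was opened. The sandbox layout and function names are constructed for illustration, and the POSIX rename call is used directly as a stand-in for the path-based call the answer says <filesystem> wraps.

```cpp
// Added example, not from the original post. Works in a constructed /tmp sandbox.
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string>

static bool exists(const std::string& p) { struct stat st; return lstat(p.c_str(), &st) == 0; }
static void touch(const std::string& p) { int fd = open(p.c_str(), O_CREAT | O_WRONLY, 0600); if (fd >= 0) close(fd); }

// Builds base/trusted/a and base/other/a; returns base, or "" on failure.
static std::string make_sandbox() {
    char tmpl[] = "/tmp/renameat_demo_XXXXXX";
    if (!mkdtemp(tmpl)) return "";
    std::string base = tmpl;
    mkdir((base + "/trusted").c_str(), 0700); mkdir((base + "/other").c_str(), 0700);
    touch(base + "/trusted/a"); touch(base + "/other/a");
    return base;
}

// Stands in for a concurrent change: "trusted" becomes a symlink to "other".
static bool swap_dir_for_symlink(const std::string& base) {
    return rename((base + "/trusted").c_str(), (base + "/trusted.old").c_str()) == 0 &&
           symlink("other", (base + "/trusted").c_str()) == 0;
}

// Path-based rename: every path component is resolved again at call time,
// so the operation lands in "other". Returns true when that happened.
bool path_based_follows_swap() {
    std::string base = make_sandbox();
    if (base.empty() || !swap_dir_for_symlink(base)) return false;
    if (rename((base + "/trusted/a").c_str(), (base + "/trusted/b").c_str()) != 0) return false;
    return exists(base + "/other/b") && !exists(base + "/trusted.old/b");
}

// Descriptor-based rename: the directory is pinned by an fd opened before the
// change, so the operation stays in the original directory. Returns true if so.
bool fd_based_stays_pinned() {
    std::string base = make_sandbox();
    if (base.empty()) return false;
    int dirfd = open((base + "/trusted").c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dirfd < 0 || !swap_dir_for_symlink(base)) { if (dirfd >= 0) close(dirfd); return false; }
    int rc = renameat(dirfd, "a", dirfd, "b");
    close(dirfd);
    return rc == 0 && exists(base + "/trusted.old/b") && !exists(base + "/other/b");
}

int main() { printf("path follows swap: %d, fd stays pinned: %d\n", path_based_follows_swap(), fd_based_stays_pinned()); }
```

Each run leaves a small renameat_demo_* directory under /tmp that can be deleted afterwards.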