*nix systems assume you know what you're doing - even if you're doing something silly or dangerous. That's why you need to take extra precautions if you expect your code to be run as a privileged process.
by G. Ann Campbell
From the article:
Libraries and system utilities form the foundations on which larger projects are built. So it's critical to make sure they, in particular, are secure. That's why we recently introduced five new rules for C++ and C to detect broken authentication and access control in *nix systems. The new rules fall into three categories: account validity, granting permissions, and changing directories.