In this chapter we'll discuss another class of security bugs that is very common, and which affects setuid programs, network daemons and common user applications alike.
The problem, put simply, is this: when a program opens a file called /foo/bar/baz and stores the string AAAA in it, how can it know it did not clobber, say, the /etc/shadow file instead?
This may sound far-fetched, or even like a plain bug in the operating system kernel, but it is neither. In fact, it's probably the most common security bug.