7.8. Load Initialization Values Safely
Many programs read an initialization file to allow their defaults to be
configured.
You must ensure that an attacker can't change which initialization file
is used, nor create or modify that file.
Often you should not use the current directory
as a source of this information, since if the program is used as an
editor or browser, the user may be viewing the directory controlled
by someone else.
Instead, if the program is a typical user application, you should load
any user defaults from a hidden file or directory contained in the user's
home directory.
If the program is setuid/setgid, don't read any file controlled by the
user unless you carefully filter it as an untrusted (potentially
hostile) input.
Trusted configuration values should be loaded from somewhere else
entirely (typically from a file in /etc).