Subject: mktemp() and directories
To: None <tech-security@NetBSD.ORG>
From: Luke Mewburn <lukem@connect.com.au>
List: tech-security
Date: 06/09/1997 21:53:04
I've been asked about the implications of mktemp() for creating
temporary directories. There was a concern that there may be
exploitable race conditions.

Well, I did some testing, and it appears that if you do something
like:

    cd /tmp
    rm source dest
    ln -s dest source      # now, source is a link pointing to a
                           # non-existent dest
    mkdir(source, 0755)    # returns EEXIST

So, from this, I don't think that there is an exploitable race.
A denial of service may be possible, but that's not in the same
league.
Have I missed something?
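
Added example, not part of the original message: a C version of the test described above, plus a retry loop that treats EEXIST as "name taken" and moves to the next candidate. The function names, the /tmp/mkdirtest.XXXXXX scratch path and the prefix.N naming scheme are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700   /* for symlink() and mkdtemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdir() on a dangling symlink. Returns the errno mkdir() set (0 if it
 * succeeded, -1 on setup failure); *followed is 1 if the target got created. */
int mkdir_on_dangling_symlink(int *followed)
{
    char base[] = "/tmp/mkdirtest.XXXXXX";     /* constructed scratch dir */
    char link[64], target[64];
    struct stat st;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(link, sizeof link, "%s/source", base);
    snprintf(target, sizeof target, "%s/dest", base);
    if (symlink(target, link) != 0) {          /* source -> dest (missing) */
        rmdir(base);
        return -1;
    }
    int err = (mkdir(link, 0755) == 0) ? 0 : errno;
    *followed = (stat(target, &st) == 0);      /* did mkdir follow the link? */
    if (*followed) rmdir(target);
    unlink(link);
    rmdir(base);
    return err;
}

/* Hypothetical helper: try predictable names prefix.0, prefix.1, ... and
 * treat EEXIST as "name taken, try the next one", never as "reuse it". */
int make_private_dir(const char *prefix, char *out, size_t outlen)
{
    for (unsigned i = 0; i < 100; i++) {
        snprintf(out, outlen, "%s.%u", prefix, i);
        if (mkdir(out, 0700) == 0)
            return 0;                          /* we created it ourselves */
        if (errno != EEXIST)
            return -1;                         /* real error: give up */
    }
    return -1;
}

int main(void)
{
    int followed = 0, err = mkdir_on_dangling_symlink(&followed);
    printf("mkdir: errno=%d (EEXIST=%d) followed=%d\n", err, EEXIST, followed);
    return (err == EEXIST && !followed) ? 0 : 1;
}
```

The retry loop is what keeps a pre-planted name from becoming more than a nuisance: the caller only ever uses a directory its own mkdir() call created.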