"Ken Raeburn via RT" <rt-comment@krbdev.mit.edu> writes:

> With fchmod, we would have a race condition where some other party  
> could open the file after it was created but before the fchmod call.   
> In the normal UNIX model, fchmod does not revoke access to an already  
> opened file.

Ok, so this is a case where using mkstemp() is clearly less safe.
What should we do?  tmpnam() and open(O_CREAT|O_EXCL)?  Some
development environments are evolving toward warning about uses of
mktemp(), which is similar to tmpnam(), so they may also flag uses of
tmpnam().

We could use umask(), but while we could lock around it, we could not
guarantee that the application would not call umask() outside of our
locks.

I'm going to revert this change for now.