What we've learned from the sections above is that the world is an evil place, and that if you're a security-conscious programmer, you can lose some sleep over where and how to create files safely.
Up to now, we've discussed many techniques an attacker can use to make your program follow symlinks or hard links. I hope I have been able to emphasize that this is a very real problem, not just a theoretical one.
In addition, the problem is widespread and hard to eradicate. When the developers of the GNU C compiler recently added code that warns you if your program uses a known dangerous function such as mktemp, some 50 or 60 packages in OpenLinux triggered these warnings when recompiled! In the three or four weeks of non-stop bugfixing that ensued, the morale of our security team reached an all-time low, as you can probably imagine :-)
In the following sections, we'll try to define some rules and cookbook-style recipes that help you deal safely with hostile directories.