Many of you have source to the operating systems and tools you run.
I like to make a strong recommendation for source-level audits as the
best way to find these problems. And while you are there you can fix
them too, and then tell the maintainers of the packages; not just
For instance, all programs compiled with GNU f77 have 2 mktemp races.
It's in the source. I just contacted the maintainer of the package;
he didn't appear to have any idea what a /tmp race is. This is going
to be extremely common. So those who care about this issue should
start auditing code, and then telling the authors of these systems
that such problems are unacceptable. Try to give them patches. Push
hard to get these things fixed.