In closing this chapter, here's a piece of advice I have for you if you write a setuid or setgid application: If you create a temporary file in a hostile directory, drop privilege first.
There are a couple of setuid or setgid applications that do need to create temporary files; for instance the passwd application needs to create a new copy of the /etc/shadow database with the changed password. However, there's no need to do that in directories such as /tmp, things work equally well (and you avoid bad headaches) if you create the file in the same directory as the original one (i.e. the temporary copy of the shadow file would go into /etc/shadow.tmp.
Another application that wants to create a temporary file is crontab. It copies the user's list of cron jobs to a file in /tmp, lets him edit it using his favorite editor, and installs the changed list. In this case, it is appropriate to create a file in /tmp. But there's no reason why you shouldn't create the file with the uid of the user invoking the crontab command.