> This doesn't look that bad to me. > Here, the temporary file is in /etc/. If somebody can create a symlink in > /etc/, she can probably also change /etc/shadow. Yes, right. However, don't you think we'd better use a non-predictable temporary file name ?