...
This code contains a time-of-creation-to-time-of-use (TOCTOU) race condition between the call to lstat() and the subsequent call to open() because both functions operate on a file name that can be manipulated asynchronously to the execution of the program (see FIO01-C. Be careful using functions that use file names for identification).
...