Is the problem mentioned in the standards the same as the one described 
here?
    http://www.linuxsecurity.com/content/view/115462/151/

Yes.

    If yes, then, maybe, advice to use mktemp would be more appropriate?

Mentioning mktemp is a good idea.  But doesn't noclobber also avoid the
security problem (though in an inferior way), because either your
program or the attacker's will fail to create the file, with noclobber
set?

Here's my attempt at a new paragraph:

  In bash, use @code{set -C} (long name @code{noclobber}) to avoid this
  problem; the @code{mktemp} utility is a more general solution for
  creating temporary files from shell scripts (@pxref{mktemp
  invocation,,, coreutils, GNU Coreutils}).

Wdyt?
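
Added example, not part of the original message: a shell sketch of the two approaches discussed above, showing `set -C` refusing a name that already exists and `mktemp` picking an unpredictable one. The function names and all paths are constructed for illustration and live in a private scratch directory.

```shell
#!/bin/sh
# Added example. Every path below is constructed inside a private scratch dir.

# Returns 0 when a noclobber redirect to "$1" is refused, 1 when it succeeds.
noclobber_refuses() {
    # set -C is scoped to the subshell so the caller's options are untouched.
    ( set -C; echo data > "$1" ) 2>/dev/null && return 1
    return 0
}

# Creates a temp file under directory "$1" (default /tmp) and prints its name.
# mktemp creates the file itself, so there is no gap between naming and creating.
make_private_temp() {
    f=$(mktemp "${1:-/tmp}/demo.XXXXXX") || return 1
    printf '%s\n' "$f"
}

demo() {
    scratch=$(mktemp -d) || return 1
    victim=$scratch/victim
    guess=$scratch/script.$$          # predictable name, in the style of foo.$$
    echo original > "$victim"
    ln -s "$victim" "$guess"          # the name is already taken before we write

    # With noclobber the write fails instead of going through the existing name.
    noclobber_refuses "$guess" && echo "noclobber: refused existing name"
    [ "$(cat "$victim")" = original ] && echo "file behind the name is unchanged"

    # The script still failed to get its temp file; mktemp avoids the collision.
    tmp=$(make_private_temp "$scratch") && echo "mktemp created: ${tmp##*/}"
    rm -rf "$scratch"
}
demo
```

With `set -C` the script fails safely but still has no temporary file, which is the sense in which it is the inferior fix; `mktemp` both avoids the collision and lets the script continue.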