[krbdev.mit.edu #8020] rename() failure in src/util/profile/prof_file.c:write_data_to_file()

Greg Hudson via RT rt-comment at krbdev.mit.edu
Fri Sep 26 13:12:09 EDT 2014


rename does not fail when the target file is open, so that sequence of 
events would not cause this problem to arise in practice.

I don't understand the explanation for why you would open krb5.conf with 
O_NOLINKS.  Profiles are read out of well-controlled paths like 
/etc/krb5.conf or /var/krb5kdc/kdc.conf, not uncontrolled paths under /tmp.  
There is no way an attacker could redirect someone to the wrong file.
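
The rename() behaviour described in the reply above, as an added C example that is not part of the original message or of the krb5 source. It assumes a POSIX system with a writable /tmp; the function names and file names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create or truncate `path` and write `data` to it. Returns 0 on success. */
static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    ssize_t n = fd < 0 ? -1 : write(fd, data, strlen(data));
    return (fd >= 0 && close(fd) == 0 && n == (ssize_t)strlen(data)) ? 0 : -1;
}

/* Returns 1 if fd is valid and the next bytes read from it equal `want`. */
static int reads_as(int fd, const char *want)
{
    char buf[32] = {0};
    return fd >= 0 && read(fd, buf, sizeof(buf) - 1) == (ssize_t)strlen(want)
        && strcmp(buf, want) == 0;
}

/* Returns 0 if rename() over a target that a reader holds open succeeds;
 * a nonzero value names the step that deviated. */
int rename_over_open_target(void)
{
    char dir[] = "/tmp/rename_demo_XXXXXX";   /* constructed scratch directory */
    char target[64], tmp[64];
    int rc = 0, held = -1, fresh = -1;
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(target, sizeof(target), "%s/profile.conf", dir);
    snprintf(tmp, sizeof(tmp), "%s/profile.conf.new", dir);
    if (write_file(target, "old\n") != 0 || write_file(tmp, "new\n") != 0)
        rc = 2;
    else if ((held = open(target, O_RDONLY)) < 0)   /* reader holds target open */
        rc = 3;
    else if (rename(tmp, target) != 0)              /* replace it while open */
        rc = 4;
    else if (!reads_as(held, "old\n"))              /* old inode still readable */
        rc = 5;
    else if (!reads_as(fresh = open(target, O_RDONLY), "new\n"))
        rc = 6;                                     /* new opens see new data */
    if (held >= 0) close(held);
    if (fresh >= 0) close(fresh);
    unlink(tmp); unlink(target); rmdir(dir);
    return rc;
}
```
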

