What's wrong with this code?


  /* Running as uid==someuser, euid==root */
  
  /* Be sure target file is owned by target user */

  if ( stat(FILENAME, &stats) == -1 ||      /* file doesn't exist */
      stats.st_uid == getuid() )) {         /* file owned by user */ 
  
      fd = open(FILENAME, O_CREAT|O_TRUNC, 0666);  /* Create file      */
      write(fd, buf, srtlen(buf) );                /* write out buffer */
      close(fd);
  
      /* Change owner of file to the target user, */
      /* in case it was newly created             */
      chown(FILENAME, getuid(), getgid());

  } else {
    fprintf(stderr, "Sorry, filename exists and isn't owned by target\n");
  }