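Securely changing ownership of a file (cont)

Verbose example:

/*
 * Open the file first, then confirm that the path still names the object
 * we hold a descriptor for, and only then change ownership through the
 * descriptor.  Every later step uses fd rather than FILENAME, so a path
 * that is swapped after the check cannot redirect fchown().
 *
 * Assumes diehorribly() does not return.
 * Where the platform provides it, adding O_NOFOLLOW to the open() flags
 * makes the kernel itself refuse a symlink in the final path component;
 * the device/inode comparison below remains the portable check.
 */

/* open() returns -1 on failure; 0 is a valid descriptor, so test for < 0. */
if ( (fd = open( FILENAME, O_RDONLY )) < 0 ) {
    diehorribly("can't open file");
}

/*
 * Stat the descriptor we hold and the path as it is now (lstat() does not
 * follow a symlink).  If either call fails the structs are not filled in
 * and must not be compared.
 */
if ( fstat(fd, &fstats) != 0 || lstat(FILENAME, &lstats) != 0 ) {
    diehorribly("can't stat file");
}

if ( fstats.st_dev != lstats.st_dev ||
     fstats.st_ino != lstats.st_ino ) {
    diehorribly("Somebody's attempting symlink attacks!");
}

/* Yes, the file we opened is the one that's there now. */
/*
 * Verify it's what we are expecting.  A matching device/inode pair does
 * not rule out a hard link to some other file; this owner/group check is
 * what rejects a file that is not the one we meant to touch.
 */
if ( fstats.st_uid == expected_uid &&
     fstats.st_gid == expected_gid ) {
    /* do something to it -- via the descriptor, never the path */
    if ( fchown( fd, new_uid, new_gid ) != 0 ) {
        diehorribly("can't change ownership");
    }
} else {
    diehorribly("Didn't get the file I expected.");
}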