Thanks for the correction; I should not have suggested a fix off the top of my head.

Jeff Epler wrote:
> Changing to lchmodat should resolve the problem

No, that would just introduce the opposite bug: chmod is supposed to follow a
symlink, and using lchmod would let an attacker provoke a race that would cause
chmod to not follow a symlink that it should.

A better way to fix this problem on GNU/Linux is to use O_PATH, not lchmod. I
don't know of any way to fix it on other platforms that lack O_PATH.
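
The O_PATH approach named above, as an added example that is not code from this thread or from any project: the name is resolved once into an O_PATH descriptor, and both the symlink check and the mode change then act on that pinned inode, so swapping the name afterwards changes nothing. It assumes Linux with /proc mounted; the function names `pin_path`, `chmod_pinned` and `chmod_via_opath` are hypothetical.

```c
/* Added example: chmod through an O_PATH descriptor (Linux, needs /proc). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
/* Assumption: <fcntl.h> was pulled in earlier without _GNU_SOURCE; this is
   the value used on most Linux architectures. */
#define O_PATH 010000000
#endif

/* Pin the inode NAME refers to right now. With follow != 0 a trailing
   symlink is resolved once, here; otherwise the symlink itself is pinned. */
int pin_path(int dirfd, const char *name, int follow)
{
    int flags = O_PATH | O_CLOEXEC | (follow ? 0 : O_NOFOLLOW);
    return openat(dirfd, name, flags);
}

/* fchmod() fails with EBADF on O_PATH descriptors, so go through the
   /proc/self/fd link, which always resolves to the pinned inode. */
int chmod_pinned(int fd, mode_t mode)
{
    struct stat st;
    char proc[64];

    if (fstat(fd, &st) != 0)
        return -1;
    if (S_ISLNK(st.st_mode)) {      /* Linux cannot chmod a symlink */
        errno = EOPNOTSUPP;
        return -1;
    }
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
    return chmod(proc, mode);
}

/* Convenience wrapper: pin, change mode, release. */
int chmod_via_opath(int dirfd, const char *name, mode_t mode, int follow)
{
    int fd = pin_path(dirfd, name, follow);
    if (fd < 0)
        return -1;
    int rc = chmod_pinned(fd, mode);
    int saved = errno;              /* keep chmod's errno across close() */
    close(fd);
    errno = saved;
    return rc;
}
```
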