...
FIO45-EX1: TOCTOU race conditions require that the vulnerable process is more privileged than the attacker; otherwise there is nothing to be gained from a succesfull attack. A program that runs with no privileges not already available to its user is not subject to this rule.
FIO45-EX2: Accessing a path multiple times is permitted if the path can not be modified by an attacker. This could occur, for example, if the path refers to a secure directory (for more information, see FIO15-C. Ensure that file operations are performed in a secure directory).
...