Previously the command opened the lock file using fopen with "w" mode,
which truncates the file to zero length. This is unsafe because:
1. If the lock file path is a symlink, the target file gets truncated
2. Race conditions between path resolution and file opening can be
exploited to truncate arbitrary files
An attacker can exploit this by creating a symlink at a predictable
lock file location pointing to a critical file (e.g., source files,
configuration, or system files). When cmake runs file(LOCK), it
follows the symlink and destroys the target file's contents.
Fix by changing the file mode from "w" (write/truncate) to "a"
(append). This creates the file if it doesn't exist but preserves
existing content, preventing data destruction attacks.
8ada1bcf8c