...
Moreover, none of these functions are without problems. The best advice is not to create temporary files in shared directories (see FIO15-A. Do not create temporary files in shared directories). In cases where it is absolutely necessary to do so, the tmpfile_s() and mkstemp() functions provide the most secure solutions.
...
Removal Before Termination
Removing temporary files when they are no longer required allows file names and other resources (such as secondary storage) to be recycled. In the case of abnormal termination, there is no sure method that can guarantee the removal of orphaned files. For this reason, temporary file cleaner utilities, which are invoked manually by a system administrator or periodically run by a daemon to sweep temporary directories and remove old files, are widely used. However, these utilities are themselves vulnerable to file-based exploits, and often require the use of shared directories (see FIO15-A. Do not create temporary files in shared directories). During normal operation, it is the responsibility of the program to ensure that temporary files are removed either explicitly, or through the use of library routines such as tmpfile_s(), which guarantee temporary file deletion upon program termination.
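As an added illustration (not code from the original guideline), the following C example shows one common way to combine both points on a POSIX system: it creates the file with mkstemp() and removes its name immediately, so nothing is left behind even if the program later terminates abnormally. The helper name open_private_temp and the tmp-XXXXXX template are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes mkstemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create an anonymous temporary file in `dir`.
 * On success returns an open read/write descriptor whose directory entry
 * is already gone; `name_out` receives the name it briefly had (for
 * logging only). Returns -1 on any failure. */
int open_private_temp(const char *dir, char *name_out, size_t name_len)
{
    struct stat st;
    int n = snprintf(name_out, name_len, "%s/tmp-XXXXXX", dir);
    if (n < 0 || (size_t)n >= name_len)
        return -1;                      /* template did not fit */

    mode_t old = umask(077);            /* older libcs did not force 0600 */
    int fd = mkstemp(name_out);         /* unique name, exclusive create */
    umask(old);
    if (fd == -1)
        return -1;

    /* Remove the name immediately; the data lives until the last close,
     * so the file disappears even on abnormal termination. */
    if (unlink(name_out) == -1 ||
        fstat(fd, &st) == -1 ||
        !S_ISREG(st.st_mode) ||         /* must be a plain file */
        st.st_uid != geteuid() ||       /* owned by us */
        (st.st_mode & 077) != 0) {      /* no group/other access */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char name[256];
    int fd = open_private_temp("/tmp", name, sizeof name);
    if (fd == -1) { perror("open_private_temp"); return 1; }
    printf("created and unlinked %s\n", name);
    close(fd);
    return 0;
}
```

Because the name is removed right after creation, the file can only be reached through the returned descriptor; a program that must hand a path to another process cannot use this pattern and has to remove the file explicitly.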
...
The following non-compliant code example creates a file with a hard-coded file_name (presumably in a shared directory such as /tmp or C:\Temp).
...