...
When temporary files are needed for storage, they should be created either in a secure directory (see FIO17FIO15-A. Ensure that file operations are performed in a secure directory) or jail (see FIO16-A. Limit access to files by creating a jail). This will help protect these files from unintended access by attackers.
...
This compliant solution invokes the an implementation secure_dir(} function (such as the one defined in FIO17FIO15-A. Ensure that file operations are performed in a secure directory) to ensure the temporary file resides in a secure directory.
...