Very often we need to create temporary files while creating a large piece of code. Common C library functions like tmpnam(), tempnam(), mktemp() etc are used to generate a unique name for a temporary file. These functions doesn't open that file. Other C functions like tmpfile(), mkstemp() are also available which generates a unique name for a temporary file as well as open that file. Now those name-generating-only functions are very much vulnerable to attack. There are several reasons behind that . Those functions generate random unique names for temporary files which are not too difficult to guess. So if an attacker can guess the file name and create a duplicate same-named filed between name generation and file opening process execution then it may cause serious security problems depending on file permissions and opening options . This is another aspect to keep in mind , file permission during creation and directory permission where those files would be stored ($ env | grep TMPDIR) must be set up with proper permissions to avoid security threats. So finally we can conclude that perhaps mkstemp() is the safest way to create temporary files as it creates and opens a unique file based on a filename template provided by the user combined with a series of randomly generated characters.
More detail information is available on Common Weakness Enumeration website.
