diff --git a/Cargo.toml b/Cargo.toml
index af97c15..9a39986 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,3 +8,8 @@ members = [
 "crates/runc",
 "crates/runc-shim",
 ]
+
+[profile.release]
+# Keep binary as small as possible
+# https://doc.rust-lang.org/book/ch09-01-unrecoverable-errors-with-panic.html
+panic = 'abort'
diff --git a/crates/runc-shim/Cargo.toml b/crates/runc-shim/Cargo.toml
index bf460a0..7077ce8 100644
--- a/crates/runc-shim/Cargo.toml
+++ b/crates/runc-shim/Cargo.toml
@@ -25,7 +25,3 @@ crossbeam = "0.8.1"
 containerd-shim = { path = "../shim", version = "0.2.0" }
 runc = { path = "../runc", version = "0.1.0" }
-[profile.release]
-# Keep binary as small as possible
-# https://doc.rust-lang.org/book/ch09-01-unrecoverable-errors-with-panic.html
-panic = 'abort'
diff --git a/crates/runc/src/lib.rs b/crates/runc/src/lib.rs
index 5afce7c..2efa387 100644
--- a/crates/runc/src/lib.rs
+++ b/crates/runc/src/lib.rs
@@ -34,7 +34,10 @@
 */
 //! A crate for consuming the runc binary in your Rust applications, similar to [go-runc](https://github.com/containerd/go-runc) for Go.
+#![allow(unused)]
+
 use std::fmt::{self, Display};
+use std::io::Write;
 use std::path::{Path, PathBuf};
 use std::process::ExitStatus;
 
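Review bot: The comment on the new `[profile.release]` block in the workspace `Cargo.toml` gives binary size as the only reason for `panic = 'abort'`, but the setting also means destructors do not run when a release build panics. Cargo ignores profile sections in non-root workspace members, so after this move the setting presumably takes effect for every crate in the workspace for the first time. That matters for `Runc::exec`, which in this same commit starts relying on `NamedTempFile`'s drop to delete the process spec file. I would add a line such as `# NOTE: with abort, Drop-based cleanup (e.g. temp spec files) is skipped on panic` so the trade-off is recorded next to the setting.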
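Review bot: The crate-level `#![allow(unused)]` added at the top of `crates/runc/src/lib.rs` turns off the whole `unused` lint group, which includes `unused_must_use`, so a dropped `Result` from a file or process call anywhere in the crate now compiles without a warning. If the intent is only to quiet warnings about items that are not used yet (an inference; the commit does not say), a narrower form such as `#![allow(dead_code, unused_imports)]` or item-level `#[allow(dead_code)]` keeps the must-use check active. At minimum, a comment stating why the allow is needed would tell the next reader when it can be removed.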
@@ -207,9 +210,16 @@ impl Runc {
 /// Execute an additional process inside the container
 pub fn exec(&self, id: &str, spec: &Process, opts: Option<&ExecOpts>) -> Result<()> {
- let filename = utils::temp_filename_in_runtime_dir()?;
- let spec_json = serde_json::to_string(spec).map_err(Error::JsonDeserializationFailed)?;
- std::fs::write(&filename, spec_json).map_err(Error::SpecFileCreationFailed)?;
+ let (mut temp_file, filename) = utils::make_temp_file_in_runtime_dir()?;
+ {
+ let f = temp_file.as_file_mut();
+ let spec_json =
+ serde_json::to_string(spec).map_err(Error::JsonDeserializationFailed)?;
+ f.write(spec_json.as_bytes())
+ .map_err(Error::SpecFileCreationFailed)?;
+ f.flush().map_err(Error::SpecFileCreationFailed)?;
+ }
+
 let mut args = vec!["exec".to_string(), "--process".to_string(), filename];
 if let Some(opts) = opts {
 args.append(&mut opts.args()?);
diff --git a/crates/runc/src/utils.rs b/crates/runc/src/utils.rs
index bdc786c..5808f0c 100644
--- a/crates/runc/src/utils.rs
+++ b/crates/runc/src/utils.rs
@@ -95,6 +95,7 @@ pub fn make_temp_file_in_runtime_dir() -> Result<(NamedTempFile, String), Error>
 let file_name = temp_filename_in_runtime_dir()?;
 let temp_file = Builder::new()
 .prefix(&file_name)
+ .rand_bytes(0)
 .tempfile()
 .map_err(Error::SpecFileCreationFailed)?;
 Ok((temp_file, file_name))
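Review bot: `f.write(spec_json.as_bytes())` in the new block of `Runc::exec` may return after writing only part of the buffer, and the byte count it returns is discarded, so runc could be handed a truncated process spec. Replacing it with `f.write_all(spec_json.as_bytes()).map_err(Error::SpecFileCreationFailed)?;` closes that gap with no other change. It would also help to add a comment such as `// keep temp_file in scope: dropping it deletes the spec file runc reads via --process`. The rest of `exec` lies outside this hunk, and a later refactor could otherwise drop the handle before runc has run.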
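Review bot: With `.rand_bytes(0)` in `make_temp_file_in_runtime_dir` the file is created under exactly the name in `file_name`, so uniqueness and unpredictability of the path now depend entirely on `temp_filename_in_runtime_dir()`, which is not visible in this hunk. A name collision also becomes a hard error rather than a retry. That is presumably intended, since `Runc::exec` passes the returned string to runc and it has to match the real path, but the reason is not written down. I would add `// rand_bytes(0): the file must be created at exactly file_name, because callers hand that string to runc` above the call, and consider deriving the returned string from `temp_file.path()` so the two cannot diverge. The function's signature and closing brace are outside the hunk.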