Re: Security Anti Symlink Attack Patch for 2.1.71

Joseph H. Buehler (jhpb@sarto.gaithersburg.md.us)
10 Dec 1997 08:59:28 -0500


"Mark H. Wood" <mwood@mhw.OIT.IUPUI.EDU> writes:

> Well, it seems to me that the safest way to do this is to abandon the
> shared /tmp altogether and make every user provide his own ~/tmp. Best
> would be to define an environment variable TMP to point to it, so you
> could still do a single /tmp or put all the users' TMPs on a separate
> scratch disk or.... It seems to work well on VMS. Set the protections
> properly when the account is created, and if the user fiddles with them
> then he gets what he deserves.

AT&T created a multi-level secure version of System V some years ago
that gives each user his own /tmp to avoid security issues like the
ones being discussed.

Joe Buehler
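An added example, not part of the original messages: one way to set up the per-user `~/tmp` and `TMP` variable proposed in the quoted text, from a login profile. The function name `setup_private_tmp` is hypothetical, and exporting `TMPDIR` alongside `TMP` is an assumption made here because most Unix tools read that name.

```shell
#!/bin/sh
# Added illustration (not from the thread): point TMP at a private,
# per-user directory instead of the shared, world-writable /tmp.
# setup_private_tmp is a hypothetical name chosen for this sketch.

# setup_private_tmp DIR
# Creates DIR with mode 0700 if it is absent, then accepts it only if it
# is a real directory (not a symlink), owned by the caller, mode exactly 0700.
# Returns 0 and exports TMP/TMPDIR on success, 1 otherwise.
setup_private_tmp() {
    dir=$1
    # A trailing slash would make the checks below follow a symlink.
    case $dir in
        ''|*/) echo "refusing '$dir': empty or trailing slash" >&2; return 1 ;;
    esac

    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        # The umask applies at creation time, so the directory never
        # exists with wider permissions. mkdir fails if the name appears
        # in the meantime rather than reusing someone else's object.
        (umask 077 && mkdir "$dir") || return 1
    fi

    # find does not follow symlinks by default, so "-type d" is false for
    # a link planted at this path. -perm 700 is an exact match: any group
    # or other access bit causes a refusal.
    ok=$(find "$dir" -prune -type d -user "$(id -u)" -perm 700 2>/dev/null)
    if [ -z "$ok" ]; then
        echo "refusing $dir: not a private directory owned by you" >&2
        return 1
    fi

    TMP=$dir
    TMPDIR=$dir   # assumption: exported as well for tools that read TMPDIR
    export TMP TMPDIR
}

# Typical use from ~/.profile:
#   setup_private_tmp "$HOME/tmp"
```

If the user has loosened the permissions, the function refuses the directory and leaves `TMP` unset or unchanged rather than repairing it.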