Enabling polyinstantiated directories

On Linux and Unix systems, the /tmp/ and /var/tmp/ locations are world writable. They are used to provide a common location for temporary files and are protected through the sticky bit so that users cannot remove files they don't own from the directory, even though the directory is world writable.

But despite this measure, there is a history of attacks against the /tmp/ and /var/tmp/ locations, such as race conditions with symbolic links and information leakage through (temporary or not) world or group-readable files generated within.

Polyinstantiated directories provide a neat solution to this problem: users get their own, private /tmp/ and /var/tmp/ instance. These directory instances are created upon login ...

Get SELinux Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.