A /tmp for every user
With the transition towards /run, some temporary files are moving to /run/user/, but plenty of files remain in /tmp: files that may leak information or serve as a point of code injection, as shown with CVE-2012-3355. A first step to restrict that exposure is to give every user a separate temporary directory when he or she logs in.
After installing the PAM module and enabling it, every user who logs in gets a private directory for temporary files, in this case named after the user's numeric ID and accessible only to that user. The module also points the TMPDIR and TMP environment variables at that directory, so programs that honour them follow automatically.
$ sudo apt-get install libpam-tmpdir
$ sudo pam-auth-update --package tmpdir
$ ls -l /tmp
total 0
drwx--x--x 4 root root 80 jun 24 22:01 user
$ sudo ls -l /tmp/user
total 0
drwx------ 2 root root 40 jun 24 22:00 0
drwx------ 2 user1 users 40 jun 24 22:06 1000
drwx------ 2 user2 users 40 jun 24 22:03 1001
Files and directories that still show up directly in /tmp after this deserve a closer look: the program that created them evidently ignores TMPDIR and has the /tmp path hardcoded. A small bug report asking to drop the hardcoded path is in order, because in most cases it also means a fixed filename shared by all users on the system, which is exactly the predictable, world-visible location that the information leaks and injection issues above depend on.
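As an added example (not part of the original post or of libpam-tmpdir), the script below audits the layout the module produces and shows the right way for a program to pick its temporary path. It assumes the layout shown above: /tmp/user owned by root with mode 711, /tmp/user/<uid> owned by the user with mode 700, and TMPDIR exported to that directory. The demo builds a constructed stand-in for /tmp under mktemp -d, so it runs without root and without the module installed.

```sh
#!/bin/sh
# Added example: audit the per-user temp layout that pam_tmpdir creates and
# demonstrate TMPDIR-aware temp file creation. Not part of the original post
# or of libpam-tmpdir. Assumed (labelled) layout: ROOT/user is mode 711,
# ROOT/user/<uid> is mode 700 owned by <uid>, TMPDIR points at the latter.

# is_private_dir DIR: succeed only if DIR is a directory with mode 700 that is
# owned by the calling user, i.e. what a per-user temp directory should be.
is_private_dir() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%a' "$1")" = "700" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
}

# tmpdir_is_private: after login TMPDIR must be set and point at a private dir.
tmpdir_is_private() {
    [ -n "${TMPDIR:-}" ] || return 1
    is_private_dir "$TMPDIR"
}

# stray_tmp_entries ROOT: entries directly under ROOT other than ROOT/user.
# Whatever is listed here was created by something that ignores TMPDIR, i.e.
# a likely hardcoded /tmp path that deserves a bug report.
stray_tmp_entries() {
    find "$1" -mindepth 1 -maxdepth 1 ! -name user
}

# private_tmpfile: create a temp file the right way. mktemp honours TMPDIR, so
# under pam_tmpdir the file lands in the per-user directory, not in /tmp.
private_tmpfile() {
    mktemp
}

# demo: constructed stand-in for /tmp, so this runs without root or the module.
demo() {
    root=$(mktemp -d)
    mkdir -m 711 "$root/user"
    mkdir -m 700 "$root/user/$(id -u)"
    : > "$root/hardcoded.pid"   # constructed: left behind by a program with a hardcoded /tmp path
    echo "stray entries under $root (candidates for a bug report):"
    stray_tmp_entries "$root"
    if TMPDIR=$root/user/$(id -u) tmpdir_is_private; then
        echo "per-user directory is private (mode 700, owned by uid $(id -u))"
    fi
    f=$(TMPDIR=$root/user/$(id -u) private_tmpfile)
    echo "mktemp with TMPDIR set created: $f"
    rm -rf "$root"
}

demo
```

On a real system, run `stray_tmp_entries /tmp` a few days after enabling the module; every name it prints identifies a program worth the bug report mentioned above. `tmpdir_is_private` belongs in a login shell's startup files as a sanity check that the PAM configuration actually took effect.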