It's possible to gather some information from a directory to which an attacker has write access, though I'd have to look up details.
In general, this can usually be mitigated to some extent by creating a directory to which only the owner has access.
There are a number of ... interesting ... other circumstances which you might want to consider:
- /tmp is mounted as a ramdisk / memory-only filesystem. This is guaranteed not to persist over reboots, though there may be residual artefacts in memory even after a power-off. That last isn't a significant concern for many people, though it may turn up for others.
- /tmp is a network share. This is uncommon, but NFS + sudo across shared systems means that a user on a remote system may be able to assume your credentials and access or modify your data. rootsquash means that root isn't available, but sudo means that any UID can be defined.
- Various filesystem permissions or limitations may or may not apply to /tmp. I tend to prefer mounting /tmp as its own filesystem, with nodev and nosuid set. There might also be noexec, which can foul up a lot of temporary installation scripts.
An alternative is for users to define their own preferred temporary directory. I usually include ~/tmp under $HOME.
In general, this can usually be mitigated to some extent by creating a directory to which only the owner has access.
There are a number of ... interesting ... other circumstances which you might want to consider:
- /tmp is mounted as a ramdisk / memory-only filesystem. This is guaranteed not to persist over reboots, though there may be residual artefacts in memory even after a power-off. That last isn't a significant concern for many people, though it may turn up for others.
- /tmp is a network share. This is uncommon, but NFS + sudo across shared systems means that a user on a remote system may be able to assume your credentials and access or modify your data. rootsquash means that root isn't available, but sudo means that any UID can be defined.
- Various filesystem permissions or limitations may or may not apply to /tmp. I tend to prefer mounting /tmp as its own filesystem, with nodev and nosuid set. There might also be noexec, which can foul up a lot of temporary installation scripts.
An alternative is for users to define their own preferred temporary directory. I usually include ~/tmp under $HOME.