On Wed, 25 Apr 2012, Hans Hübner wrote:
Windows and OSX do better than Unix by default in that they have user specific temporary directories, and this is all that we're discussing anyway. The only isolation that one can hope to have is on a per-user level, i.e. one may want to prevent that a process running under some user ID can access a (temporary or non-temporary) file created by a process running under a different user ID. By making the user-specific temporary directories inaccessible to other user IDs, this goal is neatly achieved.
What you describe is very similar to the mktemp command on most linux systems. Use the TMPDIR environment variable, create a directory, etc.
http://www.mktemp.org/manual.html
http://www.gnu.org/software/coreutils/manual/html_node/mktemp-invocation.htm...
http://en.wikipedia.org/wiki/TMPDIR
Whether these directories are somewhere in a home directory or collected under /tmp is irrelevant to security -- permissions in either place can be toggled. Collecting them under /tmp is convenient if "root" wants to blow them all away at once, and many systems are set up to automate such cleanup.
- Daniel
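Added example, not part of the thread: a POSIX sh script that does what the reply describes, creating a private per-user temporary directory under TMPDIR with mktemp and checking that no other user ID can reach it. The helper names (make_private_tmpdir, check_private_dir, demo_private_tmpdir) are chosen here.

```shell
#!/bin/sh
# Create a private per-user temporary directory the way the mktemp
# command does, honouring TMPDIR, and verify that the result is closed
# to every other user ID. Helper names are chosen for this example.

# Print the path of a fresh directory created under ${TMPDIR:-/tmp}.
# mktemp -d creates it atomically with mode 0700, so no other user can
# pre-create or open the path between choosing the name and creating it.
make_private_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/${USER:-$(id -un)}.XXXXXXXX"
}

# Succeed only if $1 is a directory owned by the calling user whose mode
# grants nothing to group or other (drwx------); fail otherwise.
check_private_dir() {
    dir=$1
    [ -d "$dir" ] || return 1
    # ls -ld is portable across GNU and BSD: field 1 is the mode string
    # (possibly with a trailing + or . for ACLs/SELinux), field 3 the owner.
    set -- $(ls -ld "$dir")
    [ "$3" = "$(id -un)" ] || return 1
    case $1 in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone demonstration: make a directory, check it, remove it again
# (the per-user counterpart of root sweeping /tmp).
demo_private_tmpdir() {
    d=$(make_private_tmpdir) || return 1
    if check_private_dir "$d"; then
        echo "private temp dir OK: $d"
        rm -rf "$d"
        return 0
    fi
    echo "NOT private: $d" >&2
    rm -rf "$d"
    return 1
}

demo_private_tmpdir
```

Loosening the mode (for example chmod 755) makes check_private_dir fail, which is the condition the thread warns about.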