Most programs use mktemp, I think, I hope? Or some sort of API around it? They are not supposed to have their own logic of creating a temp folder. That is supposed to be abstracted and secure.
As far as I understand libpam-tmpdir attempts to make this process more secure by adding per-user temp folder separation.
It sets environment variables
/tmp/user/<userid>. These will then be private temp folders.
Not sure that is really needed but might be since systemd also has an instance
Unfortunately it seems to be incompatible with some Debian packaging tools? Perhaps since this package is rather unpopular? Examples:
dpkg-deb: building package 'pbuilder-satisfydepends-dummy' in '/tmp/satisfydepends-aptitude/pbuilder-satisfydepends-dummy.deb'.
dpkg-deb: error: failed to make temporary file (control member): No such file or directory
E: pbuilder-satisfydepends failed.
Happening during 1100_prepare-build-machine cowbuilder --create. Perhaps since environment variables user vs root do not match in chroot. Unsetting the TMP / TEMP environment variables and/or installing libpam-tmpdir in chroot does not solve this issue either.
+ /usr/lib/security-misc/apt-get-wrapper -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Acquire::Retries=3 -o Acquire::BlockDotOnion=false update
+ set -e
+ set -o pipefail
+ set -o errtrace
++ mktemp --directory
mktemp: failed to create directory via template '/tmp/user/0/tmp.XXXXXXXXXX': No such file or directory
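
The `mktemp` failure in the trace above can be reproduced and diagnosed without a chroot. The script below is an added example, not part of the original post or of libpam-tmpdir. It assumes GNU coreutils, takes "private" to mean owned by the caller with mode 700, and uses the hypothetical helper names `tmpdir_status` and `make_private_tmp`.

```shell
#!/bin/sh
# Added example. Assumption: "private" means owned by the caller, mode 700.

# tmpdir_status DIR: print ok, missing, not-owner or not-private.
tmpdir_status() {
    dir=$1
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$owner" != "$(id -u)" ]; then echo not-owner
    elif [ "$mode" != 700 ]; then echo not-private
    else echo ok
    fi
}

# make_private_tmp: create a temp directory like `mktemp --directory`, but
# name the problem when TMPDIR points at a directory that is unusable.
make_private_tmp() {
    base=${TMPDIR:-/tmp}
    if [ -n "${TMPDIR:-}" ]; then
        st=$(tmpdir_status "$TMPDIR")
        if [ "$st" != ok ]; then
            echo "TMPDIR=$TMPDIR is $st, refusing to continue" >&2
            return 1
        fi
    fi
    mktemp --directory --tmpdir="$base" tmp.XXXXXXXXXX
}

# Constructed demo: a scratch directory stands in for a fresh chroot's /tmp,
# where /tmp/user/0 was never created although TMPDIR still points at it.
demo() {
    root=$(mktemp --directory /tmp/tmpdir-demo.XXXXXX)
    (
        TMPDIR=$root/user/0; export TMPDIR
        echo "before: $(tmpdir_status "$TMPDIR")"
        make_private_tmp || echo "plain mktemp fails here with ENOENT"
        mkdir -p "$root/user" && mkdir -m 700 "$TMPDIR"
        echo "after:  $(tmpdir_status "$TMPDIR")"
        make_private_tmp
    )
    rm -rf "$root"
}
demo
```

With no template argument, GNU `mktemp` places its result under `$TMPDIR`, which is why the path in the error message is `/tmp/user/0/tmp.XXXXXXXXXX`.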