[ Thanks to LinucksGirl for this link. ]

“To improve security, it’s often wise to use more than one
method of protection (also called ‘defense in depth’). That way, if
one method is breached, another method remains operational and
prevents further intrusion. This article describes a way to add
another layer of depth to your security strategy: using PAM to
polyinstantiate world-writeable shared directories. This means that
a new instance of a directory, such as /tmp, is created for each
user.

“Polyinstantiation of world-writeable directories prevents the
following types of attacks…”
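
As an added example (not from the linked article): a small Python audit that checks whether pam_namespace, the PAM module that provides polyinstantiation on Linux, is set up to give each user their own /tmp and /var/tmp. The sample file contents are constructed; on a real system they would be read from /etc/security/namespace.conf and a service file under /etc/pam.d/, and the function names are this example's own.

```python
METHODS = {"user", "level", "context", "tmpfs", "tmpdir"}

# Constructed sample inputs for illustration, not taken from the linked article.
SAMPLE_NAMESPACE_CONF = """\
# polydir  instance_prefix      method  list_of_uids
/tmp       /tmp-inst/           level   root,adm
#/var/tmp  /var/tmp/tmp-inst/   level   root,adm
"""
SAMPLE_PAM_SERVICE = """\
session  required  pam_limits.so
session  required  pam_namespace.so
"""

def parse_namespace_conf(text):
    """Return {polydir: (instance_prefix, method, uid_list)} for active lines."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 3:
            continue                            # blank or malformed line
        method = fields[2].split(":", 1)[0]     # strip optional ":flags" suffix
        if method not in METHODS:
            continue
        uids = fields[3].split(",") if len(fields) > 3 else []
        entries[fields[0]] = (fields[1], method, uids)
    return entries

def pam_namespace_enabled(pam_text):
    """True if a session line in the PAM service file loads pam_namespace.so."""
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == "session":
            if any(f.endswith("pam_namespace.so") for f in fields[2:]):
                return True
    return False

def audit(conf_text, pam_text, shared_dirs=("/tmp", "/var/tmp")):
    """List the gaps that leave a world-writable directory shared by all users."""
    findings = []
    if not pam_namespace_enabled(pam_text):
        findings.append("pam_namespace.so is not in the session stack")
    entries = parse_namespace_conf(conf_text)
    for d in shared_dirs:
        if d not in entries:
            findings.append(f"{d} is not polyinstantiated")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NAMESPACE_CONF, SAMPLE_PAM_SERVICE):
        print("FINDING:", finding)
```

With the constructed sample, the commented-out /var/tmp entry is reported as the one remaining shared directory.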