Enabling polyinstantiated directories
On Linux and Unix systems, the /tmp/ and /var/tmp/ locations are world writable. They provide a common location for temporary files and are protected by the sticky bit, so that users cannot remove or rename files they do not own, even though the directory itself is world writable.
Despite this measure, there is a long history of attacks against /tmp/ and /var/tmp/: symbolic link race conditions (an attacker pre-creates or swaps a predictable file name so that a privileged program follows a link to a file of the attacker's choosing) and information leakage through world- or group-readable files, temporary or not, that programs create there.
Polyinstantiated directories provide a neat solution to this problem: every user gets a private /tmp/ and /var/tmp/ instance. These instance directories are created at login in a different location and are then made visible (bind-mounted) over /tmp/ and /var/tmp/ for that user's session only. The mount is local to the session through the use of Linux mount namespaces; other users have their own view of the mounts...
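As an added example (not part of the handbook text above, and not pam_namespace's own code), the following POSIX shell script puts the mechanism into practice in three parts: a root-only helper that creates the instance parents and registers the polydirs in /etc/security/namespace.conf, an audit helper that checks a namespace.conf against what pam_namespace requires of instance parents (root-owned, mode 000), and a demonstration that a bind mount made inside a fresh mount namespace is invisible to the rest of the system. The helper names, the choice of the "user" method, the parent paths /tmp-inst and /var/tmp/tmp-inst, the OWNER_UID parameter (so the audit can run without root), the inline sample configuration and the use of unshare -Urm for the demonstration are all assumptions made for this example; the audit uses GNU stat -c.

```shell
#!/bin/sh
# Added example: polyinstantiated /tmp and /var/tmp with pam_namespace.
# Helper names, paths, the "user" method and the sample config are
# assumptions for illustration, not taken from the handbook.

# Root-only: create the instance parents and register the polydirs.
# Parents are root-owned with mode 000 so that a user cannot browse other
# users' instances; pam_namespace refuses a parent that is set up otherwise.
# The PAM stack (e.g. /etc/pam.d/login) still needs
# "session required pam_namespace.so" for this to take effect.
setup_polydirs() {
    [ "$(id -u)" -eq 0 ] || { echo "setup_polydirs: run as root" >&2; return 1; }
    for parent in /tmp-inst /var/tmp/tmp-inst; do
        mkdir -p "$parent" && chmod 000 "$parent" && chown 0:0 "$parent" || return 1
    done
    # namespace.conf format: polydir  instance_prefix  method  uids_to_exclude
    printf '%s\n' \
        '/tmp      /tmp-inst/          user  root,adm' \
        '/var/tmp  /var/tmp/tmp-inst/  user  root,adm' >> /etc/security/namespace.conf
}

# Audit a namespace.conf: for every user/level/context polydir the instance
# parent must exist, be mode 000 and be owned by OWNER_UID (0 in production;
# a parameter only so the check can be exercised without root).
# Prints one line per problem and returns 1 if any were found.
check_polydir_setup() {
    conf=$1; owner=${2:-0}; bad=0
    while read -r polydir prefix method _rest; do
        case $polydir in ''|'#'*) continue ;; esac                   # blank/comment
        case ${method%%:*} in user|level|context) ;; *) continue ;; esac  # drop ":flags"
        # "/tmp-inst/" -> parent /tmp-inst; "/tmp/inst-" -> parent /tmp
        case $prefix in */) parent=${prefix%/} ;; *) parent=${prefix%/*} ;; esac
        if [ ! -d "$parent" ]; then
            echo "$polydir: instance parent $parent missing"; bad=1; continue
        fi
        set -- $(stat -c '%a %u' "$parent")   # GNU stat: octal mode, owner uid
        [ "$1" -eq 0 ]        || { echo "$polydir: $parent mode is $1, want 000"; bad=1; }
        [ "$2" -eq "$owner" ] || { echo "$polydir: $parent owned by uid $2, want $owner"; bad=1; }
    done < "$conf"
    return $bad
}

# The mechanism itself: a bind mount made in a new mount namespace is only
# visible inside it. An unprivileged user namespace (unshare -Urm) lets a
# normal user try this; pam_namespace performs the same mount as root during
# session setup. Prints "isolated" on success, "skipped" when user namespaces
# are unavailable (common inside containers), "leaked" on an unexpected result.
demo_private_tmp() {
    inst=$(mktemp -d) || return 1
    : > "$inst/only-in-my-session"
    inner=$(unshare -Urm sh -c 'mount --bind "$1" /tmp && ls /tmp' sh "$inst" 2>/dev/null) \
        || { rm -rf "$inst"; echo skipped; return 0; }
    outer=$(ls /tmp)
    rm -rf "$inst"
    if [ "$inner" = only-in-my-session ] && [ "$outer" != only-in-my-session ]; then
        echo isolated
    else
        echo leaked; return 1
    fi
}

# Usage: sh polydirs.sh demo  (the setup and audit helpers are called by name)
if [ "${1:-}" = demo ]; then
    demo_private_tmp
fi
```

The audit is worth running after any change to namespace.conf: a parent that is missing, readable, or not owned by root makes pam_namespace fail the session rather than silently fall back to a shared /tmp, and the failure only shows up in the PAM syslog. The demonstration returns "skipped" rather than failing where unprivileged user namespaces are disabled, since that is a property of the host, not of the technique.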