>but just wanted to float one by that just occurred to me:
>
>what if when you login to a netbsd box (be it rsh, rlogin, telnet, etc),
>it mounted "/tmp/user" onto "/tmp", so that any reference to /tmp would
>(in reality) be /tmp/user.  This wouldn't(?) require any kernel hacks,
>except to support mounting like that (unless it doesn't happen now).

Do you really mean "/tmp/user", or "/tmp/<user>" -- 
some user-specific directory, like "/tmp/darrenr"?
I think there are problems with each.

  * If the former,  what stops badgusy from putting trojans in /tpm/user?

  * If the latter, what happens when a second person logs into said box?
    Are you assuming single-user machines?