If you're interested in preventing attacks through necessary services you can give /tmp its own partition and mount it with the nodev, nosuid, and noexec flags.
It's no guarantee, but it should be part of a larger security policy, and it's one place to start.
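
To check that a running system really has those flags on /tmp, here is an added example (not part of the original post) that reads a mount table in /proc/self/mounts format and lists which of the three options are missing. The function name `missing_mount_opts`, the sample table and the fstab device name are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical /etc/fstab entry for a dedicated /tmp partition (device is a placeholder):
#   /dev/<tmp-partition>  /tmp  ext4  defaults,nodev,nosuid,noexec  0  2

# missing_mount_opts MOUNTPOINT  < mount-table
# Reads a table in /proc/self/mounts format on stdin and prints the options
# among nodev, nosuid, noexec that MOUNTPOINT lacks (empty line = all set).
# Prints "not-a-mountpoint" if MOUNTPOINT has no entry of its own, i.e. it is
# just a directory on another filesystem and inherits that filesystem's options.
missing_mount_opts() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins: the topmost mount
        END {
            if (!found) { print "not-a-mountpoint"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("nodev nosuid noexec", want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# Demo on the sample: /tmp is its own partition but only has nosuid.
printf '%s\n' "$SAMPLE_MOUNTS" | missing_mount_opts /tmp   # nodev noexec
```

On a live system, run `missing_mount_opts /tmp < /proc/self/mounts`.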