I was following that Glint thread on redhat-devel list and it reminded me
of something I noticed a long time ago in Glint on Red Hat Linux 5.2:

There is a HUGE race condition in Glint that shipped with RHL 5.2 and
probably previous that needs to be fixed.  When using glint if a package
has an icon other than the default icon in glint (several did) then a file
named /tmp/glint.gif was created.  The file always had the same name
and would follow symlinks as well, allowing ANY file on ANY mounted
filesystem to be overwritten when root ran Glint.  I forgot to report this
because I realized it shortly before upgrading to 6.2 so it never got 
reported.
Because many people still use RHL 5.2 and apparently some still use
Glint, I think it is important to put out an errata on this and fix glint. 
 The
offensive code is in area.py (part of glint lib):

.....
       if (package.getIcon()):
            f = open("/tmp/glint.gif", "w")
            f.write(package.getIcon())
            f.close()
            image = RHPhoto()
            image.read("/tmp/glint.gif")
    
            self.imageList.append(image)
.....

I don't know python so I can't submit a patch, but I'd suggest either 
moving
the file to the user's home directory or adding random characters onto the
end of the name.  PID would be to predictable.

-Stan Bubrouski