A couple of days ago, I was learning the bash shell .. and about functions. My book told me to type "declare -f" .. so I did .. and this is the output:

--
# declare -f
declare -f mc ()
{
    MC=/tmp/mc$$-"$RANDOM";
    /usr/bin/mc -P "$@" >"$MC";
    cd "`cat $MC`";
    rm "$MC";
    unset MC
}
--

I tried to figure out what it was all about .. and it suddenly struck me .. SYMLINK ATTACK.

This leads to the possibility for a local user to overwrite a local mc user's files. If I am a user of a system, and know that root is an mc user .. and that he uses mc as root quite often .. then I can, every time I notice that he logs in, have a bash script spin up a couple of thousand symlinks from mc<hisbash'sid>-<1-32k> .. make a couple of thousand of them, and there is a quite high possibility that one will hit the mark.

When the user (root?) then exits mc .. he will overwrite the target file with the last used path. Woopsie, /etc/passwd now just contains a path .. uhm .. user database .. my 15000 users .. oh my.

I don't know if this is a known security problem; it was found in Red Hat 5.2, and verified that it exists in 6.0.
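A hardened form of the wrapper above, as an added example that is not part of the original post and not mc's own code. It assumes, as the original function does, that "mc -P" prints the last directory to stdout; the names mc_safe, write_new_file and MC_BIN are hypothetical.

```bash
# Added example: symlink-safe variant of the mc() wrapper quoted in the post.
# Assumption: MC_BIN is a hypothetical override for the mc binary path.

# Run a command with stdout going to a file that must not exist yet.
# With noclobber (set -C) the ">" redirection fails instead of truncating
# when the name already exists as a regular file or a symlink to one.
write_new_file() {
    ( set -C; out=$1; shift; "$@" > "$out" )
}

mc_safe() {
    # mktemp -d picks an unpredictable name and creates the directory
    # atomically with mode 0700, so no other user can pre-create or
    # plant anything under it (unlike /tmp/mc$$-$RANDOM).
    _mc_dir=$(mktemp -d "${TMPDIR:-/tmp}/mc.XXXXXXXXXX") || return 1
    _mc_file=$_mc_dir/pwd

    _mc_rc=0
    write_new_file "$_mc_file" "${MC_BIN:-/usr/bin/mc}" -P "$@" || _mc_rc=$?

    # Only trust the result if it is a plain file, not a link.
    _mc_new=
    if [ -f "$_mc_file" ] && [ ! -L "$_mc_file" ]; then
        _mc_new=$(cat "$_mc_file")
    fi
    rm -rf -- "$_mc_dir"

    # Change directory only when mc reported an existing directory.
    if [ -n "$_mc_new" ] && [ -d "$_mc_new" ]; then
        cd -- "$_mc_new" || _mc_rc=1
    fi

    # Clean up helper variables, as the original wrapper did with MC.
    set -- "$_mc_rc"
    unset _mc_dir _mc_file _mc_new _mc_rc
    return "$1"
}
```

The private directory removes the guessable name, and the noclobber write is a second check in case the path is ever moved back into a shared directory.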