A couple of days ago, I was learning the bash shell .. and about function.  My book told me to type "declare -f" .. so i did.. and this is the output:
--
# declare -f
declare -f mc ()
{
MC=/tmp/mc$$-"$RANDOM";
/usr/bin/mc -P "$@" >"$MC";
cd "`cat $MC`";
rm "$MC";
unset MC
}
--
I tried to figure out what it was all about. . and it suddenly struck me.. SYMLINK ATTACK.

This leads to the possibility for a local user, to overwrite a local mc-users files.  If I am a user of a system, and knows that root is an mc user .. and that he uses mc as root quite often .. then I can, every time I notice that he logs in, have a bash-script spin up a couple of thousands symlinks from mc<hisbash'sid>-<1-32k>

.. make a couple of thosands of them, and there is a quite high possibility that one will hit the mark.

When the user (root?) then exites mc .. he will overwrite the target-file, with the last used path.  Woopsie, /etc/passwd now just contains a path .. uhm .. userdatabase.. my 15000 users .. ohmy.

I don't know if this is a known securityproblem, it was found in redhat 5.2, and verified that it exists in 6.0