Vulnerability: Any user can read any file in the system. title=Flying rev. 6.20 author=Helmut Hoenig system=tested on Redhat 5.2, possibly others foundby=grandpae@nconnect.net (Grampa Elite) Overview: Flying is a X-Windows program I have found installed on Redhat 5.2 that is actually a gateway for multiple games that Helmut wrote. All of these games unfortunatly write to /tmp/logfile.txt . Basicly all that you have to do is symlink logfile.txt to say /var/log/messages, and as soon as root runs his silly little game it overwrites logfile.txt with the file you symlinked it to, also it becomes owned by root and the symlink is turned off. The big but is that the read bit is left on allowing you to read the tmp file. Do I have anything better to do than find stupid tmp file holes in mostly unused games? No not really.