Eran,

> It's really a classical Unix security pitfall that occurs whenever you
> write to files in world-writable directories. It has to be dealt with at
> the application level, either by being careful about existing files or
> by using atomically generated unique filenames.

Because the vulnerability is not unique to Cygwin/X as you mentioned, it should be fixed in upper levels so that every implementation of XFree86 can benefit. If some of those (e.g. the X server of Linux) have already fixed it, we can borrow it instead of a redundant reinvention. However, I must say that I can't contribute to this point because of a lack of time. Could you look into other implementations? It would be greatly appreciated.

Takuma Murakami
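
The two application-level defenses named in the quoted text, as an added example that is not part of the original message and not XFree86 or Cygwin/X code. The function names, the file names and the use of `/tmp` are assumptions made up for the demonstration, and the planted symlink is a constructed scenario.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* "Being careful about existing files": with O_CREAT|O_EXCL, open() fails
 * with EEXIST if anything, even a dangling symlink, already has the name. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* "Atomically generated unique filenames": mkstemp() chooses the name and
 * creates the file in one step. tmpl must end in "XXXXXX"; it is rewritten. */
int create_unique(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Constructed scenario: a symlink already sits at the predictable name when
 * the program goes to write there. Returns 0 if both defenses hold. */
int demo(void)
{
    char dir[] = "/tmp/demo-XXXXXX";            /* hypothetical scratch dir */
    char fixed[128], victim[128], uniq[128];
    int fd, rc = 1;

    if (!mkdtemp(dir)) return -1;
    snprintf(fixed, sizeof fixed, "%s/app.log", dir);   /* predictable name */
    snprintf(victim, sizeof victim, "%s/victim", dir);  /* symlink target */
    snprintf(uniq, sizeof uniq, "%s/app.XXXXXX", dir);  /* mkstemp template */

    if (symlink(victim, fixed) != 0) goto out;
    fd = create_exclusive(fixed);
    if (fd != -1) { close(fd); goto out; }     /* must refuse the symlink */
    if (errno != EEXIST) goto out;
    if (access(victim, F_OK) == 0) goto out;   /* target was not created */
    fd = create_unique(uniq);
    if (fd == -1) goto out;
    close(fd);
    rc = 0;
out:
    unlink(uniq); unlink(fixed); unlink(victim); rmdir(dir);
    return rc;
}

int main(void) { return demo(); }
```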