Hi! Winetricks has a symlink vulnerability, it does
(echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt An attacker can exploit this by creating a symlink called /tmp/x_showmenu.txt and have it point to some file that a winetricks user can write (e.g. ~/Documents/important_stuff.odf). Winetricks will then overwrite that file with its data. To solve this, apply the following patch that simply avoids the creation of a temporary file: --- winetricks 2008-12-18 06:34:42.000000000 +0100 +++ winetricks 2008-12-23 18:00:17.000000000 +0100 @@ -207,8 +207,8 @@ args="$args,$1" shift done - (echo "$title"; echo ""; echo "$text") > /tmp/x_showmenu.txt - xmessage -print -file /tmp/x_showmenu.txt -buttons "Cancel,$args" | sed 's/Cancel//' + (echo "$title"; echo ""; echo "$text") | \ + xmessage -print -file - -buttons "Cancel,$args" | sed 's/Cancel//' } showmenu() Merry Christmas Stefan