The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.
http://www.zataz.net/adviso/gtkdiskfree-09052005.txt
http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml
http://www.debian.org/security/2005/dsa-822
http://secunia.com/advisories/17056
http://secunia.com/advisories/17005
http://secunia.com/advisories/16951