I'll start off by describing [1]. Regardless of whether you downloaded
the Linux .bin or rpm.bin installer, when you run the .bin and accept
the license or install the rpm, sun invokes it's own unpack program.
The program is stored in /usr/java/j2re<version>/lib/unpack while java
is being installed, and it is erased after the install.
Every time unpack is invoked it insecurely creates the file
/tmp/unpack.log
So a simple symlink and you can overwrite any file owned by the person
installing java.
!!!!This is most often root if installing the RPM.!!!!!!!!
Очень неприятная штука однако ?