writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files.