mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.