javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.