Through the use of symlinking temporary files created by /usr/bin/catman upon execution by root a local user can clobber root owned files.