Portage prior to 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
gentoo linux 1.4
gentoo portage
gentoo portage 2.0.50