Bugzilla – Bug 1213985
VUL-0: CVE-2023-43783: Cadence: Use of Fixed Temporary File Path in /tmp/cadence-wineasio.reg
Last modified: 2023-10-04 08:03:12 UTC
+++ This bug was initially created as a clone of Bug #1213330

I just reported this to upstream via email:

This file is used if Wine is installed on the system and when the Wine ASIO related settings are changed and applied in the Cadence GUI dialog. In Cadence.py the following code deals with it:

```python
if "wineasio" in self.settings_changed_types:
    REGFILE = 'REGEDIT4\n'
    REGFILE += '\n'
    REGFILE += '[HKEY_CURRENT_USER\Software\Wine\WineASIO]\n'
    REGFILE += '"Autostart server"=dword:0000000%i\n' % int(1 if self.cb_wineasio_autostart.isChecked() else 0)
    REGFILE += '"Connect to hardware"=dword:0000000%i\n' % int(1 if self.cb_wineasio_hw.isChecked() else 0)
    REGFILE += '"Fixed buffersize"=dword:0000000%i\n' % int(1 if self.cb_wineasio_fixed_bsize.isChecked() else 0)
    REGFILE += '"Number of inputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_ins.value(), 2)
    REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2)
    REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4)

    writeFile = open("/tmp/cadence-wineasio.reg", "w")
    writeFile.write(REGFILE)
    writeFile.close()

    os.system("regedit /tmp/cadence-wineasio.reg")
```

Without the Linux kernel's symlink protection (`fs.protected_symlinks` sysctl) this would allow other users to stage a symlink attack. Thus other users could point /tmp/cadence-wineasio.reg to a compromised file, or have the user running Cadence create this file in an arbitrary location.

Without the Linux kernel's regular file protection (`fs.protected_regular` sysctl) this would allow other users to place an attacker controlled world-writable file in this location. By winning a race condition (waiting for Cadence to write its desired content and then quickly replacing the file's content again) the attacker can cause arbitrary data to be passed to `regedit`. Since the Wine registry controls ample application behaviour this can be considered a local arbitrary code execution.

Luckily most modern Linux distributions have the kernel protections mentioned above enabled which means that the worst case will usually not happen. Even with these protection mechanisms the following problems remain:

- Cadence can be prevented from saving Wine ASIO settings by pre-creating this file.
- The file is created world-readable by Cadence, thus the content of the file can leak to other user contexts on the system. The data that is written there is not sensitive at the moment, but it could become problematic in the future.
- (non-security) the fixed /tmp file path makes it impossible to properly run two instances of Cadence in parallel, especially since the file is never deleted again.

The fix for this one is easy, this needs to use Python's `tempfile.NamedTemporaryFile`.
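The following is an added example, not Cadence's own code or the attached patch: it rebuilds the REGEDIT4 text from the report with plain parameters in place of the GUI widgets, keeps the fixed-path write only for contrast, and shows the `tempfile.NamedTemporaryFile` fix the report recommends. `smart_hex` is an assumed stand-in for Cadence's `smartHex` helper (zero-padded hex of a given width), and the `regedit` argument is a hypothetical parameter so the call can be exercised without Wine installed.

```python
# Added example (not Cadence's code): fixed-path /tmp write versus a private
# temporary file, for the CVE-2023-43783 pattern described in the report.
import os
import subprocess
import tempfile


def smart_hex(value, width):
    """Zero-padded lowercase hex; assumed to mirror Cadence's smartHex helper."""
    return "%0*x" % (width, value)


def build_wineasio_regfile(autostart, connect_hw, fixed_bsize, ins, outs, bsize):
    """Build the REGEDIT4 text in the same layout as the vulnerable snippet,
    with the widget reads replaced by plain parameters."""
    lines = [
        "REGEDIT4",
        "",
        r"[HKEY_CURRENT_USER\Software\Wine\WineASIO]",
        '"Autostart server"=dword:0000000%i' % int(bool(autostart)),
        '"Connect to hardware"=dword:0000000%i' % int(bool(connect_hw)),
        '"Fixed buffersize"=dword:0000000%i' % int(bool(fixed_bsize)),
        '"Number of inputs"=dword:000000%s' % smart_hex(ins, 2),
        '"Number of outputs"=dword:000000%s' % smart_hex(outs, 2),
        '"Preferred buffersize"=dword:0000%s' % smart_hex(bsize, 4),
    ]
    return "\n".join(lines) + "\n"


def write_regfile_fixed_path(content, path="/tmp/cadence-wineasio.reg"):
    """The pattern from the report, kept only for contrast: predictable path,
    umask-dependent (usually world-readable) mode, file never removed."""
    with open(path, "w") as fh:
        fh.write(content)
    return path


def write_regfile_private(content):
    """Hardened write: tempfile opens the file with O_CREAT|O_EXCL and mode
    0600 under a random name, so a pre-staged symlink or world-writable file
    at a known path is never followed or reused, and other local users
    cannot read the content."""
    with tempfile.NamedTemporaryFile(
        mode="w", prefix="cadence-wineasio-", suffix=".reg", delete=False
    ) as fh:
        fh.write(content)
        return fh.name


def apply_regfile(content, regedit="regedit"):
    """Write the registry file privately, hand its path to regedit as a single
    argv element (no shell), then delete it. Returns (exit status, path used)."""
    path = write_regfile_private(content)
    try:
        proc = subprocess.run([regedit, path], check=False)
        return proc.returncode, path
    finally:
        # Always clean up so parallel instances never collide and nothing
        # lingers in the temp directory after regedit has consumed the file.
        try:
            os.unlink(path)
        except FileNotFoundError:
            pass


if __name__ == "__main__":
    text = build_wineasio_regfile(True, False, True, 8, 8, 1024)
    print(text)
    print(apply_regfile(text))
```

The two properties a packager would check after applying such a fix are the file mode (0600 rather than the umask default) and that the path is no longer predictable; both follow from `NamedTemporaryFile` alone, and the explicit `unlink` in `finally` addresses the non-security parallel-instance issue listed above.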
Created attachment 868937: fix for the issue
While the upstream author still didn't reply to my suggestions he now actually archived the Cadence GitHub repository. So he seems to be serious about decommissioning the project. This means I won't be able to offer a PR# to upstream and there won't be an upstream maintenance release with the fixes. I'm calling off the embargo and I attached a patch containing a fix for the issue in attachment 868937. Simon, can you please start updates / maintenance updates containing this fix? For Tumbleweed, Leap 15.4 and Leap 15.5. Given the situation we should also think about a route to drop Cadence in the mid term, since it obviously has no upstream any longer. I will keep this bug private until the update process is started. Then I will publish a formal report on the oss-security mailing list to make other packagers aware of the problem.
This is an autogenerated message for OBS integration: This bug (1213985) was mentioned in https://build.opensuse.org/request/show/1109220 Backports:SLE-15-SP4 / Cadence
Should be fixed everywhere now, sorry for the delay.
This is an autogenerated message for OBS integration: This bug (1213985) was mentioned in https://build.opensuse.org/request/show/1109233 Backports:SLE-15-SP5 / Cadence
Publishing this bug to serve as a reference for requesting a CVE for this issue from Mitre.
openSUSE-RU-2023:0258-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1213330,1213983,1213985 CVE References: JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): Cadence-0.9.2-bp155.2.3.1
openSUSE-SU-2023:0270-1: An update that contains security fixes can now be installed. Category: security (moderate) Bug References: 1213330,1213983,1213985 CVE References: JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): Cadence-0.9.1-bp154.2.3.1
All fixed and published. Closing bug report.