`forticlientsslvpn suffers from an insecure lock file creation issue.
Upon starting the forticlientsslvpn, the file 'forticlientsslvpn.lock'
is created under the /tmp directory with octal permissions
The client does not first check if this file exists, or if it is even
currently owned by the user running the client.
Create a symlink from /tmp/forticlientsslvpn.lock
to /some/file/owned_by_root as a non-root user. Then run the
forticlientsslvpn client as root and the file you pointed at will then
be overwritten upon execution.