rply creates temporary directory in an insecure manner. It uses tempfile.gettempdir()
to create /tmp
directories per user, allowing any local user to perform symlink or hardlink attacks which can result in system directories being overwritten and causing a denial of service condition.