Puppet uses temp files unsafely by looking for a name it can use in a
directory, and then later writing to that file, creating a
vulnerability in which an attacker could make the name a symlink to
another file and thereby cause the puppet agent to overwrite something
that it did not intend to.