[DRE-maint] Bug#736830: ruby-passenger: wrong permissions on /tmp/passengerXXX
Benoît SÉRIE
bserie at evolix.fr
Mon Jan 27 10:40:03 UTC 2014
Package: ruby-passenger
Version: 3.0.13debian-1+deb7u1
Severity: important
Dear Maintainer,
We use Redmine (from Debian package) and the last passenger update
(3.0.13debian-1+deb7u1) has broken the permissions in /tmp/passengerXXX
(e.g. /tmp/passenger.1.0.25998).
Apache runs as www-data but this directory is owned by root only.
# ls -lhad /tmp/passenger.1.0.25998/
drwxr-x--- 3 root root 1.0K Jan 27 10:53 /tmp/passenger.1.0.25998/
Error message given by Apache:
[ pid=26810 thr=140719191291712 file=ext/apache2/Hooks.cpp:862 time=2014-01-27 10:57:06.221 ]:
Unexpected error in mod_passenger: Cannot connect to Unix socket
'/tmp/passenger.1.0.25998/generation-0/socket': Permission denied (13)
Backtrace:
[Truncated...]
As a temporary fix, changing owner of /tmp/passengerXXX solves the issue.
Seeing "Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage.
(Closes: #710351, #717176)" makes me think that this is due to this fix.
Best Regards,
--
Benoit SÉRIE <bserie at evolix.fr> – GnuPG: 4096R/56C27D99
Evolix – Hébergement et Infogérance Open Source http://www.evolix.fr/
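
The failure reported above, worked through as an added example (not part of the original report and not Passenger's code): the worker's access to the socket is decided by search permission on each directory along the path. The function names, the uid/gid 33 for www-data, and the mode and owner of `generation-0` are assumptions made for illustration.

```python
import os
import stat

def can_search(mode, owner_uid, owner_gid, uid, gids):
    """True if (uid, gids) has search (x) permission on a directory.
    POSIX applies exactly one class: owner, else group, else other."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def first_blocked(chain, uid, gids):
    """chain holds (path, mode, owner_uid, owner_gid) for every directory
    leading to the socket. Returns the first one the user cannot traverse,
    or None when the whole path is reachable."""
    for path, mode, o_uid, o_gid in chain:
        if not can_search(mode, o_uid, o_gid, uid, gids):
            return path
    return None

def stat_chain(socket_path):
    """Build the same chain for a real socket path from the live filesystem."""
    chain, cur = [], os.sep
    for part in os.path.dirname(os.path.abspath(socket_path)).split(os.sep):
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        chain.append((cur, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return chain

WWW_DATA = 33  # assumed: Debian's default uid and gid for www-data
GEN = "/tmp/passenger.1.0.25998/generation-0"  # mode/owner below are constructed

# State from the report: drwxr-x--- root root on the instance directory.
REPORTED = [("/tmp", 0o1777, 0, 0),
            ("/tmp/passenger.1.0.25998", 0o750, 0, 0),
            (GEN, 0o755, WWW_DATA, WWW_DATA)]

# State after the reporter's temporary fix (owner changed to www-data).
WORKAROUND = [("/tmp", 0o1777, 0, 0),
              ("/tmp/passenger.1.0.25998", 0o750, WWW_DATA, 0),
              (GEN, 0o755, WWW_DATA, WWW_DATA)]

if __name__ == "__main__":
    print("reported:  ", first_blocked(REPORTED, WWW_DATA, {WWW_DATA}))
    print("workaround:", first_blocked(WORKAROUND, WWW_DATA, {WWW_DATA}))
```

On an affected host, `first_blocked(stat_chain(path_to_socket), uid, gids)` run as root gives the same answer from the real directory metadata.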