Package: ruby-passenger Version: 3.0.13debian-1+deb7u1 Severity: important Dear Maintainer,
We use Redmine (from Debian package) and the last passenger update (3.0.13debian-1+deb7u1) has broken the permissions in /tmp/passengerXXX (e.g /tmp/passenger.1.0.25998). Apache runs as www-data but this directory is owned by root only. # ls -lhad /tmp/passenger.1.0.25998/ drwxr-x--- 3 root root 1.0K Jan 27 10:53 /tmp/passenger.1.0.25998/ Error message given by Apache: [ pid=26810 thr=140719191291712 file=ext/apache2/Hooks.cpp:862 time=2014-01-27 10:57:06.221 ]: Unexpected error in mod_passenger: Cannot connect to Unix socket '/tmp/passenger.1.0.25998/generation-0/socket': Permission denied (13) Backtrace: [Truncated...] As a temporary fix, changing owner of /tmp/passengerXXX solves the issue. Seeing "Fix CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage. (Closes: #710351, #717176)" makes me think that this is due to this fix. Best Regards, -- Benoit SÉRIE <bse...@evolix.fr> – GnuPG: 4096R/56C27D99 Evolix – Hébergement et Infogérance Open Source http://www.evolix.fr/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
