Please sign in to comment.
Fix writing a tmp file with a predictable name in
passenger-install-nginx-module. With access to the system, a user could plant a symlink in /tmp that resulted in a chosen-file overwrite attempt whenever passenger-install-nginx-module was run, using the access rights of the executing user, potentially even with chosen content.
- Loading branch information...
Showing with 16 additions and 13 deletions.