Nginx rate limiter doesn’t work for the 301 response – is there any security/attack risk?

I’ve learned that if I have a http/https permanent redirect rule (return 301 on http and point to https), the rate limiter does not apply when querying the http server. The reason is that the rewrite rule is evaluated before the rate limiter code: https://trac.nginx.org/nginx/ticket/1834. Consequently, it appears that an attacker could mass-flood the http…

Sticky bit enabled Script can’t write to a root file

I have 2 files in the /tmp/. The first one is named “file” with permission -rw——- and owner root:root. The second file is named “script” which is a simple Ruby script with permission -rwsr-xr-x and owner root:root. The contents of the script file is: #!/usr/bin/ruby -w $-v = true IO.write(File.join(Dir.pwd, ‘file’), ‘hello!’) And the file…