Actually, I'm wrong, it won't break socket recreation since the subdirectories of /var/run/tmux and the socket themselves still have the correct ownership. The other points are correct, however. So you could drop the utmp privileges completely after creating the directory.
On Fri, May 22, 2009 at 07:31:17PM +0100, Nicholas Marriott wrote: > Hi > > This patch does not fix the problem - it doesn't drop the utmp privilege after > creating the socket so a user can trivially continue to cause the same issue > by > using the save-buffer command to create a file in /var/run/tmux. > > If you do drop the privileges, it will break socket recreation with SIGUSR1 > which will appear in 0.9 (and you may need to patch this out of the code or > USR1 will kill the server). > > Of course it is completely up to you, but I recommend you don't do this, you > are fixing a minor and easily detected denial-of-service problem by granting > unnecessary privileges the abuse of which could potentially be greater. > > If you do want to do it this way, I suggest that rather than overloading the > utmp group you create a new group specifically and only for tmux. > > Best regards > > Nicholas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
