Hi

This patch does not fix the problem - it doesn't drop the utmp privilege after
creating the socket so a user can trivially continue to cause the same issue by
using the save-buffer command to create a file in /var/run/tmux.

If you do drop the privileges, it will break socket recreation with SIGUSR1
which will appear in 0.9 (and you may need to patch this out of the code or
USR1 will kill the server).

Of course it is completely up to you, but I recommend you don't do this: you
are fixing a minor and easily detected denial-of-service problem by granting
unnecessary privileges, the abuse of which could potentially be greater.

If you do want to do it this way, I suggest that rather than overloading the
utmp group you create a new group specifically and only for tmux.

Best regards

Nicholas
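
An added illustration (not code from the patch under discussion or from tmux) of the privilege drop the message says the patch lacks: bind the socket while the setgid group is still effective, then give that group up permanently before serving user commands. The function names and the socket path are assumptions made for this example; once the group is dropped the process can no longer recreate its socket, which is the SIGUSR1 breakage the message mentions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a listening Unix socket while the setgid group is still effective
 * (it is what grants write access to the group-owned socket directory). */
int create_listen_socket(const char *path)
{
    struct sockaddr_un sa;
    int fd;
    if (strlen(path) >= sizeof sa.sun_path)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == -1 ||
        listen(fd, 16) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently give up the setgid group. Passing the real gid explicitly
 * makes the saved gid follow too, so there is nothing to switch back to. */
int drop_setgid(void)
{
    gid_t rgid = getgid(), old_egid = getegid();
    if (setregid(rgid, rgid) == -1)
        return -1;
    /* Verify: regaining the old group must fail (a CAP_SETGID caller fails here). */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return getegid() == rgid ? 0 : -1;
}

int main(void)
{
    const char *path = "/tmp/example-server.sock"; /* constructed path */
    int fd = create_listen_socket(path);
    if (fd == -1 || drop_setgid() == -1) { perror("setup"); return 1; }
    /* Files written from here on get the invoking user's own group only. */
    printf("listening on %s with egid %d\n", path, (int)getegid());
    close(fd); unlink(path); return 0;
}
```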


