* Romain Francoise <[email protected]>, 2012-01-02, 09:28:
3) Tell people via the release notes that they should not run the
dist-upgrade inside screen, but inside tmux instead.
Unfortunately tmux has an issue of its own for squeeze → wheezy
upgrades, the socket path was changed from /var/run/tmux to /tmp in
order to remove the setgid bit from the binary.
Ewww, that's not what /tmp is for. Also, you just introduced a security
hole: every user can DoS other one (including root) my mkdiring
/tmp/tmux-${VICTIM_UID}.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
