Hi,
i see your point and admit that this has as a consequence the change of the
your program.
Therefore I will try to drop the utmp privileges after creating the directory.
I will send you my modifcations first then.
Thanks for your advise.
Greets,
Ferdinand
Am Freitag 22 Mai 2009 20:37:39
Hi
This patch does not fix the problem - it doesn't drop the utmp privilege after
creating the socket so a user can trivially continue to cause the same issue by
using the save-buffer command to create a file in /var/run/tmux.
If you do drop the privileges, it will break socket recreation with SI
Actually, I'm wrong, it won't break socket recreation since the subdirectories
of /var/run/tmux and the socket themselves still have the correct ownership.
The other points are correct, however. So you could drop the utmp privileges
completely after creating the directory.
On Fri, May 22, 2009 at
Package: tmux
Version: 0.8-4
Severity: grave
Justification: renders package unusable
Hi,
by creating tmux- I can create arbitrary tmux socket directories
in /tmp which makes it impossible for users to start tmux
anymore:
# sudo mkdir /tmp/tmux-1000
# tmux
can't create socket: Permission denie
4 matches
Mail list logo