* Romain Francoise <rfranco...@debian.org>, 2012-01-02, 09:28:
3) Tell people via the release notes that they should not run the
dist-upgrade inside screen, but inside tmux instead.
Unfortunately tmux has an issue of its own for squeeze → wheezy
upgrades, the socket path was changed from /var/run/tmux to /tmp in
order to remove the setgid bit from the binary.
Ewww, that's not what /tmp is for. Also, you just introduced a security
hole: every user can DoS other one (including root) my mkdiring
/tmp/tmux-${VICTIM_UID}.
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120103164528.ga4...@jwilk.net
