# using setresgid() for safely dropping utmp group membership.
--- a/tmux.c
+++ b/tmux.c
@@ -236,9 +236,11 @@
 {
 	char		base[MAXPATHLEN], *path;
 	struct stat	sb;
-	u_int		uid;
+	u_int		uid,gid;
 
 	uid = getuid();
+	gid = getgid();
+
 	xsnprintf(base, MAXPATHLEN, "%s/%s/%s-%d", _PATH_VARRUN, __progname, __progname, uid);
 
 	if (mkdir(base, S_IRWXU) != 0 && errno != EEXIST)
@@ -254,6 +256,9 @@
 		errno = EACCES;
 		return (NULL);
 	}
+	/* drop unnecessary privileges */
+ 	if (setresgid(gid, gid, gid) != 0)
+ 		return (NULL);
 
 	xasprintf(&path, "%s/%s", base, label);
 	return (path);