tmux versions 1.3 and 1.4 suffer from a -S option incorrect setgid local privilege escalation vulnerability.
cd885fe8e526cc9f25b3d09ae86f267db6f64ccabdcde1494411eddaa61dea49
Debian Linux Security Advisory 2212-1 - Daniel Danner discovered that tmux, a terminal multiplexer, is not properly dropping group privileges. Due to a patch introduced by Debian, when invoked with the -S option, tmux is not dropping permissions obtained through its setgid installation.
9acd53444cea1c6e42ba41468838744441a326f8a3bd0fceb3eaeaae87b2a81a