Comment 32 for bug 1438758

Actually, I just thought of a way to attack my current fix with a crafted /command abstract socket. I'll update my debdiffs to include a fix (privilege drop to the process uid/gid of the socket owner).