Rich Mirch discovered that the pg_ctlcluster script didn"t drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.