On 12/29/2017 09:17 PM, Josip Rodin wrote: > On Sun, Dec 24, 2017 at 09:17:28AM +0900, Osamu Aoki wrote: >> Another option is create another wrapper code such as maildrop-suid-root >> which is a SUID on root program and let it calls maildrop in upstream. >> And make courier call this new code. This needs upstream cooperation.
I brought up the issue on their mailing list, but upstream wasn't exactly cooperative. They think of maildrop being available in two different flavours: standalone and courier-mta bundle. >> I don't want to maintain any SUID root program. Too much >> responsibility. If you are willing to take over this package >> maintenance, I can help 2 binary package script. > > It doesn't make sense to add a new setuid root binary in the maildrop > package. Whatever problem there is to solve, more setuid root by default > is simply not a legitimate solution without a big fat obvious rationale > about how it's unavoidable. Let's not jump to any such conclusions > beforehand. I wonder if SUID is related at all. In my own setup, while using virtual domains in combination with maildrop, it wouldn't even need SGID, I think. But I'd have to check why it was SUID to begin with. Or if it is in the variant upstream installs. Kind Regards Markus Wanner
