Package: nncp
Version: 8.10.0
(Ubuntu 24.04: Version: 8.10.0-8ubuntu0.2)

Hi,

/var/spool/nncp is owned by owner and group nncp.

But how should a user other than root be able to write into that
directory or run nncp commands being able to read /etc/nncp.hjson, if
that is supposed to remain secret?

Shouldn't those commands be set setuid nncp?

E.g. in the older package uucp it is set correctly:

-rwsr-xr-x 1 uucp root 121088 Mär 25 2022 /usr/bin/uucp*
-rwsr-xr-x 1 uucp root 121072 Mär 25 2022 /usr/bin/uux*

regards
Hadmut