Hi!

Santiago Vila [2005-03-04 13:16 +0100]:
> > Currently, procmail is installed as setuid root by default, which is
> > unnecessary when using it with e.g. exim4 or postfix. Installing it
> > setgid mail (and using the mail group only when necessary) is much
> > safer and greatly limits the potential impact of security holes.
>
> This was already reported by you as Bug#264011, and I still consider
> it inappropriate for Debian, which has a lot more MTAs than postfix or exim4.
>
> If you missed the last email in Bug#264011, please read it now.

Sorry, I forgot about the previous bug and I could not find it in the
current bug list.

For the record, I heavily disagree with your reasoning. You will help
people to lose mail (and much more) if you run programs as root without
any reason (especially for programs whose code is as messy as procmail),
and making it easy for people to close this hole is by no means
worthless.

However, I respect that you are the maintainer and decide this, so I
will shut up. Ubuntu just has the policy to offer patches to Debian, not
to force Debian to use it. :-)

Thanks and have a nice day!

Martin

-- 
Martin Pitt                        http://www.piware.de
Ubuntu Developer                   http://www.ubuntulinux.org
Debian GNU/Linux Developer         http://www.debian.org