Mark W. Eichin writes ("Re: Bug#4354: movemail doesn't work"):
> [Ian:]
> > Why does movemail need to be setuid root ?!
>
> Well, the package as I inherited had the following in debian.rules:
...
> # movemail is installed setuid so that POP can work. (This is
> # safe.)
...
> I suspect this has to do with using movemail locally on a machine
> which is also a pop server, but I haven't verified that. (The emacs
> build "blessmail" process will only make it setgid mail.) Anyone else
> remember?
This sounds doubtful to me ..
...
> Still haven't heard from the original reporter what, if anything,
> explains why his movemail wasn't installed properly...
He wasn't the guy on linux-security who unsetuidded everything and
said none of his users had complained ... ? :-)
Ian.
