On Fri, 7 Aug 1998, matthew green wrote:

: why does the procmail package install, by default, as setuid root?  this
: is insecure even if procmail is supposedly OK :)

It's a MDA, and can function as a replacement for mail.local.  It has to be
able to setuid() to the destination user in order to write to that user's
mailbox securely (and on systems where /var/mail is mode 755, in order to
create a nonexistent mailbox).

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)