Subject: Re: procmail package?
To: matthew green <firstname.lastname@example.org>
From: Todd Vierling <email@example.com>
Date: 08/07/1998 08:04:53
On Fri, 7 Aug 1998, matthew green wrote:
: why does the procmail package install, by default, as setuid root? this
: is insecure even if procmail is supposedly OK :)
It's a MDA, and can function as a replacement for mail.local. It has to be
able to setuid() to the destination user in order to write to that user's
mailbox securely (and on systems where /var/mail is mode 755, in order to
create a nonexistent mailbox).
-- Todd Vierling (Personal firstname.lastname@example.org; Bus. email@example.com)