Subject: Re: procmail package?
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Todd Vierling <tv@pobox.com>
List: tech-pkg
Date: 08/07/1998 22:11:30

On Fri, 7 Aug 1998, Greg A. Woods wrote:

: I don't know what the statistics are, but I'd bet that a large number of
: procmail users simply invoke it directly from their own ~/.forward files
: (or the equivalent).  For cases where procmail is used as a system MDA
: some mailers can invoke it as the target user.  Neither of these usages
: requires an MDA be setuid-anything.

However, for our standard Sendmail MDA, it's a requirement if you use it as
anything but in your .forward file.  If used, for example, in /etc/aliases
or equivalent, it needs the setuid because it will be invoked by uid daemon.

If our default MDA could cope without the setuid, it could be removed.  And
then, you'd be able to remove it from mail.local as well.  But sendmail
needs it that way, so that's how the procmail pkg is.

: Finally, though I cannot vouch for the current status of the latest
: greatest version of procmail, I can attest to the fact that I've
: received many bounces from people who have managed to cause at least
: some versions of it to dump core simply by incorrectly configuring their
: ~/.procmailrc files, and I certainly wouldn't trust those versions
: within a million miles of being setuid-root.

It setuid()s before even opening the target user's .procmailrc file.

If you don't want it setuid-root, fine, disable it in your setup.  But you
lose a LOT of functionality, and the default really should be setuid.

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)
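
The ordering the message above describes (give up root before the recipient's rc file is opened), as an added example that is not procmail's code and not part of the original post. The function names `drop_to_recipient` and `open_rcfile_as` and the demo path are assumptions made for illustration.

```c
/* Added illustration, not procmail source: a setuid-root delivery agent
 * drops to the recipient's identity permanently, proves the drop stuck,
 * and only then opens the recipient-controlled rc file. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 once the process irrevocably runs as uid/gid. */
int drop_to_recipient(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only root can change these. Order matters: groups, gid, then uid,
         * because after setuid() the right to change groups is gone. */
        if (setgroups(1, &gid) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;
    }
    /* Check the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* A leftover saved set-user-ID of 0 would let this succeed; it must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Hypothetical helper: opens the rc file only after the drop; fd or -1. */
int open_rcfile_as(uid_t uid, gid_t gid, const char *path)
{
    if (drop_to_recipient(uid, gid) != 0)
        return -1;              /* never read user input while privileged */
    return open(path, O_RDONLY);
}

int main(void)
{
    /* Constructed demo: the "recipient" is the invoking user and the
     * "rc file" is /dev/null, so this runs without root. */
    int fd = open_rcfile_as(getuid(), getgid(), "/dev/null");
    printf("rc file fd after privilege drop: %d\n", fd);
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

With this ordering, a parser crash on a malformed rc file happens under the recipient's uid rather than root's.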