Subject: re: procmail package?
To: matthew green <mrg@eterna.com.au>
From: Todd Vierling <tv@pobox.com>
List: tech-pkg
Date: 08/08/1998 08:53:48

On Sat, 8 Aug 1998, matthew green wrote:

:    As I explained to Mr. Woods, our default MDA requires the setuid for use of
:    procmail to do anything other than a ~/.forward filter.

: don't make that decision for me without telling me.  or without giving
: me a knob to disable it (once and forever).

It does tell you if you build from pkgsrc.  Read the screen during
"install."  It even does the "ls -l" for you.

In the pkg system, there's a weight of functionality vs. perceived security.
(Note the `perceived security' as opposed to just `security'--BIG
difference.)  Procmail appears, in source scans, to be secure enough to run
setuid.  If you don't like it, you can disable it.  If you want a pkgsrc
knob, go ahead and add one, which changes the install rule to "install"
instead of "install-suid".  The default should be "install-suid" for maximum
functionality and for binary pkgs.

Another example is screen (pkgsrc/misc/screen).  It can run setuid, and in
fact, has an insecurity if you do _not_ install it setuid.  If you want a
knob to turn that setuid off, add one, but the default for building binary
pkgs should be setuid in this case too.

-- 
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)