Subject: re: procmail package?
To: matthew green <mrg@eterna.com.au>
From: Todd Vierling <tv@pobox.com>
List: tech-pkg
Date: 08/08/1998 08:53:48
On Sat, 8 Aug 1998, matthew green wrote:
: As I explained to Mr. Woods, our default MDA requires the setuid for use of
: procmail to do anything other than a ~/.forward filter.
: don't make that decision for me without telling me. or without giving
: me a knob to disable it (once and forever).
It does tell you if you build from pkgsrc. Read the screen during
"install." It even does the "ls -l" for you.
In the pkg system, there's a weight of functionality vs. perceived security.
(Note the `perceived security' as opposed to just `security'--BIG
difference.) Procmail appears, in source scans, to be secure enough to run
setuid. If you don't like it, you can disable it. If you want a pkgsrc
knob, go ahead and add one, which changes the install rule to "install"
instead of "install-suid". The default should be "install-suid" for maximum
functionality and for binary pkgs.
Another example is screen (pkgsrc/misc/screen). It can run setuid, and in
fact, has an insecurity if you do _not_ install it setuid. If you want a
knob to turn that setuid off, add one, but the default for building binary
pkgs should be setuid in this case too.
--
-- Todd Vierling (Personal tv@pobox.com; Bus. todd_vierling@xn.xerox.com)