paths and permissions [OT]
Matt Garretson
mattg at assembly.state.ny.us
Mon Feb 23 17:37:12 CET 2004
Eric Wood wrote:
> Users can't simply run them get setuid priveleges. I'm really suspect of
> your procmail attributes. Wouldn't that mean any user can write a recipe
> and blow away any file on the system using your procmail binary!?
I believe there are situations where it is valid to run procmail
setuid root, but i can't think of any of them now. :) In any
case, current versions of procmail attempt to drop root priviliges
when reading user rcfiles. So presumably, it would be only
running as root while executing /etc/procmailrc, which hopefully
is properly secured so only root can modify it.
-Matt
More information about the Bogofilter
mailing list