paths and permissions
Dave Lovelace
dave at firstcomp.biz
Fri Feb 27 16:45:13 CET 2004
David Relson wrote:
>
> Hi Jesse,
>
> Sounds right. Since that posting, I learned that procmail runs suid.
> It's been pointed out that that's potentially dangerous since users can
> have their own .procmailrc files.
>
> David
>
Anything that runs SUID root is in principle insecure, but the software's
authors attempt to wall off the sections where it's actually running as
root. I don't know procmail's code, but I'd presume that by the time it's
running the user's .procmailrc it's running as the user.
--
- Dave Lovelace
dave at firstcomp.biz
davel at cyberspace.org
More information about the Bogofilter
mailing list