Re: Bug#23000: acknowledged by developer (sendmail: no way to force deliver over procmail)
severity 23000 standard
This is ONLY A PROBLEM FOR PEOPLE WHO ALTER PROCMAIL UNEXPECTEDLY. THIS
IS NOT A PROBLEM FOR MOST STANDARD CONFIGURATIONS. THERE IS A PERFECTLY
USEFUL WORKAROUND TO CONFIGURE SENDMAIL TO USE DELIVER INSTEAD. This is
therefore NOT release critical.
On Tue, 16 Jun 1998, Herbert Xu wrote:
> severity 23000 important
> quit
>
> Richard A Nelson wrote:
> >
> > severity 23000 standard
> > quit
>
> Stop doing this.
>
> > No... man sensible-mda clearly (to me - let me know what I could do to
> > make it more clear if need be) states that procmail is preferred over
> > deliver wherein both are extant.
>
> So? It shouldn't try to exec something that's not setuid.
>
> > You've been given (and I assume) implimented the work around - and I still
> > beleive that:
> > 1) The number of people to be bitten by this is so close to one as to be
> > one for all intents and purposes.
>
> I consider this a stupid view to hold when people might be losing emails.
>
> > 2) The only way sendmail can protect itself from this would be to add
> > checking for setgid authority before calling the MDA. Is it worth
> > the effort? see 1) above...
>
> Of course. It's so simple.
>
> > 3) sensible-mda is better than having the casual/new user learn enough
> > to change from deliver to procmail or visa versa... Not to mention
> > that one would have to be chosen as the default... Scott will file
> > a bug if I require deliver, and you if I require procmail... help?
>
> So fix sensible-mda.
>
> > Please, read the responces to this problem, and tell me what can be done
> > to satisfy the three above and points raised in prior notes...
>
> Fix sensible-mda so that it doesn't exec something that's not setuid. Problem
> fixed.
--
Scott K. Ellis <storm@gate.net> http://www.gate.net/~storm/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: