Re: Installed procmail 3.15.2-1 (i386 source)
Santiago Vila <sanvila@debian.org> wrote:
> procmail (3.15.2-1) stable; urgency=high
> .
> * New upstream release, with improved security and robustness involving
> signal handlers. Author recommends upgrading to this version on
> any system where it is installed setuid or setgid.
There goes the argument that procmail is secure enough to be setuid. So
how about removing the setuid bit by default?
--
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Reply to: