Re: Installed procmail 3.15.2-1 (i386 source)
On Fri, 31 Aug 2001, Herbert Xu wrote:
> Santiago Vila <sanvila@debian.org> wrote:
>
> > procmail (3.15.2-1) stable; urgency=high
> > .
> > * New upstream release, with improved security and robustness involving
> > signal handlers. Author recommends upgrading to this version on
> > any system where it is installed setuid or setgid.
>
> There goes the argument that procmail is secure enough to be setuid. So
> how about removing the setuid bit by default?

I don't understand in which way this changelog entry supports your
idea of dropping the setuid bit. Do you drop the setuid bit every time
you fix a bug in a setuid program? Obviously not.

The recommended default has not changed. Use dpkg-statoverride if you
dislike it.