From: Cliff Sarginson
To: freebsd-security@FreeBSD.ORG
Date: Mon, 25 Feb 2002 16:11:02 +0100
Subject: Re: Why procmail port installed with SUID root?
Message-ID: <20020225151102.GA6292@raggedclown.net>
In-Reply-To: <95519839649.20020225104332@mgul.ac.ru>

On Mon, Feb 25, 2002 at 10:43:32AM +0300, Andrey V. Pevnev wrote:
> Hello!
>
> Does anybody know why procmail-3.22 port installed with SUID root by
> default? I'm using it as MDA from sendmail-8.12.2
> (FEATURE(`local_procmail')), and it works fine without SUID (I've
> chmod'ed it to 555).
> I think that it's better to install it without SUID by default (as
> mail.local) to make system more secure.
>

       -d recipient ...
            This turns on explicit delivery mode, delivery will be
            to the local user recipient. This, of course, only is
            possible if procmail has root privileges (or if procmail
            is already running with the recipient's euid and egid).
            Procmail will setuid to the intended recipients and
            delivers the mail as if it were invoked by the recipient
            with no arguments (i.e., if no rcfile is found, delivery
            is like ordinary mail). This option is incompatible
            with -p.

-- 
Regards
Cliff Sarginson
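
The rule in the -d text above, as an added example (not part of the original mail and not procmail's own source): a delivery agent may act for a recipient only if it is root or already holds that user's euid and egid, and a root caller then drops to the recipient permanently. The function names may_deliver_as() and become_recipient() are hypothetical.

```c
/* Added illustration of the -d privilege rule; not procmail source. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* The -d rule: root may deliver as anyone; any other caller must already
 * hold the recipient's euid and egid. */
int may_deliver_as(uid_t euid, gid_t egid, uid_t uid, gid_t gid)
{
    if (euid == 0)
        return 1;
    return euid == uid && egid == gid;
}

/* Become the recipient for good. Returns 0 on success, -1 on refusal or failure. */
int become_recipient(const struct passwd *pw)
{
    if (!may_deliver_as(geteuid(), getegid(), pw->pw_uid, pw->pw_gid))
        return -1;
    if (geteuid() == 0) {
        /* Order matters: supplementary groups and gid while still root,
         * uid last. Every return value is checked. */
        if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
        if (setgid(pw->pw_gid) != 0) return -1;
        if (setuid(pw->pw_uid) != 0) return -1;
    }
    if (geteuid() != pw->pw_uid || getegid() != pw->pw_gid)
        return -1;
    /* A non-root recipient must not be able to get root back. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (pw == NULL) {
        fprintf(stderr, "usage: %s recipient\n", argv[0]);
        return 2;
    }
    int rc = become_recipient(pw);
    printf("%s: %s\n", pw->pw_name, rc == 0 ? "running as recipient" : "refused");
    return rc == 0 ? 0 : 1;
}
```

Run without root and given another user's name, it refuses, which is the failure the -d text describes for a procmail that has neither root privileges nor the recipient's ids.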