
List:       debian-devel
Subject:    Re: Installed procmail 3.15.2-1 (i386 source)
From:       Santiago Vila <sanvila () unex ! es>
Date:       2001-08-31 8:20:49

On Fri, 31 Aug 2001, Herbert Xu wrote:

> Santiago Vila <sanvila@debian.org> wrote:
>
> > procmail (3.15.2-1) stable; urgency=high
> > .
> >   * New upstream release, with improved security and robustness involving
> >     signal handlers. Author recommends upgrading to this version on
> >     any system where it is installed setuid or setgid.
>
> There goes the argument that procmail is secure enough to be setuid.  So
> how about removing the setuid bit by default?

I don't understand in which way this changelog entry supports your
idea of dropping the setuid bit. Do you drop the setuid bit every time
you fix a bug in a setuid program? Obviously not.

The recommended default has not changed. Use dpkg-statoverride if you
dislike it.

