openbsd-ports/mail/maildrop/pkg/SECURITY

Maildrop must be run as the uid/gid of the user whose mailbox it
is delivering to.

Therefore, if the MTA does not spawn it with the correct uid/gid,
it needs to be suid root to perform the operation itself.

The port is installed with the suid bit stripped by default.  This
works out-of-the-box with MTAs like qmail, which spawn maildrop
with the correct uid/gid it needs to perform the delivery.

For more information, please read the documentation in
${PREFIX}/share/doc/maildrop/INSTALL.  It should be safe to enable
the suid bits, but scan over the code first and satisfy yourself
that there are no security holes.

If you perform a full audit, please inform <ports@openbsd.org> and
the suid bit may then be enabled by default.  Note that there have
been no security advisories about this package in the past.

The following files will need suid re-enabled if you so choose:

${PREFIX}/bin/maildrop
${PREFIX}/bin/dotlock
${PREFIX}/bin/reformail

Marc Balmer <mbalmer@openbsd.org>
$OpenBSD: SECURITY,v 1.2 2004/12/06 23:06:01 mbalmer Exp $
import maildrop-1.2 This one has been pending for around two months because it installs root suid files. The port strips these out by default, and pkg/SECURITY has details on if they need to be reenabled. qmail at least doesnt need it, others can probably be configured to not. (naddy@ and avsm@ discussed this) -- maildrop is a replacement for your local mail delivery agent. It reads a mail message from standard input, then delivers the message to your mailbox. maildrop knows how to deliver mail to mbox-style mailboxes, and maildirs. maildrop will optionally read instructions from a file, which describes how to filter incoming mail. Instructions can be provided having mail delivered to alternate mailboxes, or forwarded somewhere else. Unlike procmail, maildrop uses a structured filtering language. maildrop is written in C++, and is significantly larger than procmail in compiled form. However, it uses resources much more efficiently. Unlike procmail, maildrop will not read a 10 megabyte mail message into memory. Large messages are saved in a temporary file, and are filtered from the temporary file. 2000-10-09 18:29:05 -04:00			`Maildrop must be run as the uid/gid of the user whose mailbox it`
			`is delivering to.`

			`Therefore, if the MTA does not spawn it with the correct uid/gid,`
			`it needs to be suid root to perform the operation itself.`

			`The port is installed with the suid bit stripped by default. This`
			`works out-of-the-box with MTAs like qmail, which spawn maildrop`
			`with the correct uid/gid it needs to perform the delivery.`

			`For more information, please read the documentation in`
			`${PREFIX}/share/doc/maildrop/INSTALL. It should be safe to enable`
			`the suid bits, but scan over the code first and satisfy yourself`
			`that there are no security holes.`

			`If you perform a full audit, please inform <ports@openbsd.org> and`
			`the suid bit may then be enabled by default. Note that there have`
			`been no security advisories about this package in the past.`

			`The following files will need suid re-enabled if you so choose:`

			`${PREFIX}/bin/maildrop`
			`${PREFIX}/bin/dotlock`
			`${PREFIX}/bin/reformail`

Updated to version 1.7.0 and added an ldap and mysql flavor. ok naddy@ 2004-12-06 18:06:01 -05:00			`Marc Balmer <mbalmer@openbsd.org>`
			$OpenBSD: SECURITY,v 1.2 2004/12/06 23:06:01 mbalmer Exp $