28 lines
1.0 KiB
Plaintext
28 lines
1.0 KiB
Plaintext
Maildrop must be run as the uid/gid of the user whose mailbox it
|
|
is delivering to.
|
|
|
|
Therefore, if the MTA does not spawn it with the correct uid/gid,
|
|
it needs to be suid root to perform the operation itself.
|
|
|
|
The port is installed with the suid bit stripped by default. This
|
|
works out-of-the-box with MTAs like qmail, which spawn maildrop
|
|
with the correct uid/gid it needs to perform the delivery.
|
|
|
|
For more information, please read the documentation in
|
|
${PREFIX}/share/doc/maildrop/INSTALL. It should be safe to enable
|
|
the suid bits, but scan over the code first and satisfy yourself
|
|
that there are no security holes.
|
|
|
|
If you perform a full audit, please inform <ports@openbsd.org> and
|
|
the suid bit may then be enabled by default. Note that there have
|
|
been no security advisories about this package in the past.
|
|
|
|
The following files will need suid re-enabled if you so choose:
|
|
|
|
${PREFIX}/bin/maildrop
|
|
${PREFIX}/bin/dotlock
|
|
${PREFIX}/bin/reformail
|
|
|
|
Marc Balmer <mbalmer@openbsd.org>
|
|
$OpenBSD: SECURITY,v 1.2 2004/12/06 23:06:01 mbalmer Exp $
|