57feb4541b
This one has been pending for around two months because it installs root suid files. The port strips these out by default, and pkg/SECURITY has details on if they need to be reenabled. qmail at least doesn't need it, others can probably be configured to not.

(naddy@ and avsm@ discussed this)

--
maildrop is a replacement for your local mail delivery agent. It reads a mail message from standard input, then delivers the message to your mailbox. maildrop knows how to deliver mail to mbox-style mailboxes, and maildirs.

maildrop will optionally read instructions from a file, which describes how to filter incoming mail. Instructions can be provided having mail delivered to alternate mailboxes, or forwarded somewhere else. Unlike procmail, maildrop uses a structured filtering language.

maildrop is written in C++, and is significantly larger than procmail in compiled form. However, it uses resources much more efficiently. Unlike procmail, maildrop will not read a 10 megabyte mail message into memory. Large messages are saved in a temporary file, and are filtered from the temporary file.
28 lines
1.0 KiB
Plaintext
Maildrop must be run as the uid/gid of the user whose mailbox it
is delivering to.

Therefore, if the MTA does not spawn it with the correct uid/gid,
it needs to be suid root to perform the operation itself.

The port is installed with the suid bit stripped by default. This
works out-of-the-box with MTAs like qmail, which spawn maildrop
with the correct uid/gid it needs to perform the delivery.

For more information, please read the documentation in
${PREFIX}/share/doc/maildrop/INSTALL. It should be safe to enable
the suid bits, but scan over the code first and satisfy yourself
that there are no security holes.

If you perform a full audit, please inform <ports@openbsd.org> and
the suid bit may then be enabled by default. Note that there have
been no security advisories about this package in the past.

The following files will need suid re-enabled if you so choose:

${PREFIX}/bin/maildrop
${PREFIX}/bin/dotlock
${PREFIX}/bin/reformail

Anil Madhavapeddy, <avsm@openbsd.org>
$OpenBSD: SECURITY,v 1.1.1.1 2000/10/09 22:29:05 avsm Exp $
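One way to confirm the stripped-by-default state described in this note, as an added example that is not part of the port: a POSIX sh check that reports whether the three listed files carry setuid or setgid bits and under which numeric owner. The function names and the `/usr/local` default prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the port): audit the files named in pkg/SECURITY.
# Paths are relative to PREFIX; /usr/local as the default is an assumption.
MAILDROP_SUID_FILES="bin/maildrop bin/dotlock bin/reformail"

# suid_state FILE
# Prints one of: missing | plain | setuid:<uid> | setgid:<gid> |
#                setuid:<uid>+setgid:<gid>
suid_state() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    # ls -n prints the numeric owner and group as fields 3 and 4.
    set -- $(ls -ldn "$f")
    uid=$3
    gid=$4
    state=
    # find -perm -MODE matches when all bits in MODE are set; this avoids
    # stat(1), whose flags differ between BSD and GNU systems.
    if [ -n "$(find "$f" -prune -perm -4000)" ]; then
        state="setuid:$uid"
    fi
    if [ -n "$(find "$f" -prune -perm -2000)" ]; then
        state="${state:+$state+}setgid:$gid"
    fi
    echo "${state:-plain}"
}

# audit_maildrop [PREFIX]
# Prints "<relative path> <state>" for each listed file. Returns 1 if any
# file has a setuid or setgid bit, 0 if all are plain or missing.
audit_maildrop() {
    prefix=${1:-/usr/local}
    rc=0
    for rel in $MAILDROP_SUID_FILES; do
        st=$(suid_state "$prefix/$rel")
        echo "$rel $st"
        case $st in
            setuid*|setgid*) rc=1 ;;
        esac
    done
    return $rc
}

# Usage: audit_maildrop "${PREFIX:-/usr/local}"
```

A result of `setuid:0` on any line means that binary runs with root privileges regardless of how the MTA spawns it.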