27 lines
1.0 KiB
Plaintext
27 lines
1.0 KiB
Plaintext
Maildrop must be run as the uid/gid of the user whose mailbox it
|
|
is delivering to.
|
|
|
|
Therefore, if the MTA does not spawn it with the correct uid/gid,
|
|
it needs to be suid root to perform the operation itself.
|
|
|
|
The port is installed with the suid bit stripped by default. This
|
|
works out-of-the-box with MTAs like qmail, which spawn maildrop
|
|
with the correct uid/gid it needs to perform the delivery.
|
|
|
|
For more information, please read the documentation in
|
|
!!PREFIX!!/share/doc/maildrop/INSTALL. It should be safe to enable
|
|
the suid bits, but scan over the code first and satisfy yourself
|
|
that there are no security holes.
|
|
|
|
If you perform a full audit, please inform <ports@openbsd.org> and
|
|
the suid bit may then be enabled by default. Note that there have
|
|
been no security advisories about this package in the past.
|
|
|
|
The following files will need suid re-enabled if you so choose:
|
|
|
|
!!PREFIX!!/bin/maildrop
|
|
!!PREFIX!!/bin/lockmail
|
|
|
|
Marc Balmer <mbalmer@openbsd.org>
|
|
$OpenBSD: SECURITY,v 1.1 2006/11/03 13:52:19 mbalmer Exp $
|