severity 23000 standard This is ONLY A PROBLEM FOR PEOPLE WHO ALTER PROCMAIL UNEXPECTEDLY. THIS IS NOT A PROBLEM FOR MOST STANDARD CONFIGURATIONS. THERE IS A PERFECTLY USEFUL WORKAROUND TO CONFIGURE SENDMAIL TO USE DELIVER INSTEAD. This is therefore NOT release critical.
On Tue, 16 Jun 1998, Herbert Xu wrote: > severity 23000 important > quit > > Richard A Nelson wrote: > > > > severity 23000 standard > > quit > > Stop doing this. > > > No... man sensible-mda clearly (to me - let me know what I could do to > > make it more clear if need be) states that procmail is preferred over > > deliver wherein both are extant. > > So? It shouldn't try to exec something that's not setuid. > > > You've been given (and I assume) implimented the work around - and I still > > beleive that: > > 1) The number of people to be bitten by this is so close to one as to be > > one for all intents and purposes. > > I consider this a stupid view to hold when people might be losing emails. > > > 2) The only way sendmail can protect itself from this would be to add > > checking for setgid authority before calling the MDA. Is it worth > > the effort? see 1) above... > > Of course. It's so simple. > > > 3) sensible-mda is better than having the casual/new user learn enough > > to change from deliver to procmail or visa versa... Not to mention > > that one would have to be chosen as the default... Scott will file > > a bug if I require deliver, and you if I require procmail... help? > > So fix sensible-mda. > > > Please, read the responces to this problem, and tell me what can be done > > to satisfy the three above and points raised in prior notes... > > Fix sensible-mda so that it doesn't exec something that's not setuid. Problem > fixed. -- Scott K. Ellis <[EMAIL PROTECTED]> http://www.gate.net/~storm/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
