Ken Hornstein <[EMAIL PROTECTED]> wrote on May 18, 2005:
>>>(AFAIK sendmail and friends always run stuff under the user's real and
>>>effective uid, so I don't think slocal should ever be setuid).
>>If you run "slocal" from ".forward", then it runs as the recipient
>>(the person using ".forward")
"I run 'slocal' in *my* '.forward'! Ask for it by name!"
-mo
___
Nmh-workers mailing list
Nmh-workers@nongnu.org
http://lists.nongnu.org/mailman/listinfo/nmh-workers
>>(AFAIK sendmail and friends always run stuff under the user's real and
>>effective uid, so I don't think slocal should ever be setuid).
>
>If you run "slocal" from ".forward", then it runs as the recipient
>(the person using ".forward"). But there are advantages to running
>slocal as a mailer de
Ken Hornstein <[EMAIL PROTECTED]> wrote on May 16, 2005:
>(AFAIK sendmail and friends always run stuff under the user's real and
>effective uid, so I don't think slocal should ever be setuid).
If you run "slocal" from ".forward", then it runs as the recipient
(the person using ".forward"). But t
>I perhaps overstated things. Better would be that, with only one
>exception, I cannot think of a reason to run the mh commands setuid.
I seem to recall that in some setups "inc" was setgid, so it could
create lock files in the mail spool directory. Not the same as setuid,
of course, but maybe i
> In other words, I don't see a serious problem with just leaving the
> code as it is for the present. Or perhaps add a comment that this
> should be reviewed if/when the code is revamped.
The dangerous part about leaving bad code lie, is that someday, someone
will try to use it. Why doesn't som
Jon Steinhart <[EMAIL PROTECTED]> wrote on May 13, 2005:
>> Jon Steinhart <[EMAIL PROTECTED]> wrote on May 13, 2005:
>> >Saw this while looking for something else.
>> >m_chkids() forks a child process to run context_save() if the
>> >uid is not the same as the euid. But, it ends up running as
>
> Jon Steinhart <[EMAIL PROTECTED]> wrote on May 13, 2005:
>
> >Saw this while looking for something else.
>
> >m_chkids() forks a child process to run context_save() if the
> >uid is not the same as the euid. But, it ends up running as
> >if the uid and euid are the same if the fork() fails. S
Jon Steinhart <[EMAIL PROTECTED]> wrote on May 13, 2005:
>Saw this while looking for something else.
>m_chkids() forks a child process to run context_save() if the
>uid is not the same as the euid. But, it ends up running as
>if the uid and euid are the same if the fork() fails. Seems
>to me th
Saw this while looking for something else.
m_chkids() forks a child process to run context_save() if the
uid is not the same as the euid. But, it ends up running as
if the uid and euid are the same if the fork() fails. Seems
to me that this should be an error. I realize that it will
probably re
10 matches
Mail list logo
