Sagara Wijetunga writes:
I have a predicament. I have installed the SqWebMail as a setuid root program
Not a good idea. A hole in sqwebmail could allow somebody to execute arbitrary code as root. Sqwebmail is big and complicated. Mr Sam is a good coder, but it's always possible to miss something.
I'm evaluating various ways to eliminate the setuid requirements. It should be doable, with the only sacrificial lamb turning out to be FastCGI support.
Once I get some free cycles (my schedule is pretty busy now), that's going to be one of my hot action items.
pgp00000.pgp
Description: PGP signature
