procmail

Re: Preventing execution of arbitrary programs

1997-05-13 19:09:00
On Tue, 13 May 1997 15:37:59 -0400 (EDT), "Wesley W. Garland" 
<wes(_at_)kingston(_dot_)airpost(_dot_)com> said:

> Another thing you should see if you can do is modify the procmail
> source (note: I haven't bothered to do this, because I don't work for
> an educational institution ;-) so that it immediately sets DROPPRIVS
> as it reads in a user's .procmailrc - that way, if they execute any
> programs they won't have any special privileges.

Good heavens, that isn't necessary.  What an implication!  procmail
doesn't run the user's code with special privileges.  DROPPRIVS exists
so the administrator can run part of /etc/procmail without special
privileges if she desires.  DROPPRIVS will always effectively have been
done before the user's ~/.procmailrc is running.

-- 
Roderick Schertler
roderick(_at_)argon(_dot_)org