El dj. 07 de 11 de 2019 a les 09:14 +0200, en/na Sergey Poznyakoff va escriure: > Hi Jordi, > > If I'm not mistaken, Debian installs maidag without setuid bit, > thus no fix is needed. > > If installed setuid, make sure it is executable only for the user MTA > is running as, e.g. > > $ ls -l /usr/sbin/maidag > -rwsr-xr-- 1 root daemon 67456 Dec 25 2016 /usr/sbin/maidag
Yes, but still, if a local admin decides to override that and use the suid bit, it'd be a lot better if maidag has the fix. FWIW, I plan to ship mda with the default suid bit. Jordi
