Hi Stephen (and Santiago),

Do you plan to pass a significant security audit over the procmail code
base and fuzz the binary?

I don't think fixing the handful of security issues that were publicly
disclosed is enough, to be honest.

I don't know how else to put this; I am truly grateful for the amazing
work you've done on all those projects. I have used procmail myself
extensively, probably for almost two decades, before switching away, and
it was amazing for the time I used it.

But software security has changed a lot in the past 20 years. Even C has
moved on. The current codebase is littered with things like strcpy and
difficult-to-parse macros. The coding style is historically interesting,
but would be rather surprising to many reviewers.

With my security researcher hat on, I am confident there are still
significant security issues in procmail, even with the fixes committed
to the git repository you have pointed out.

I do not believe that, in its current state, procmail should be shipped
in the next Debian release, let alone with SUID bits by default.

So while it's interesting that you are making procmail active again,
maybe we could be careful about including it in the next Debian release?
Let's see if it can be brought back into shape and deal with the modern
threats email servers are currently faced with.

I don't mean to necessarily completely remove procmail from Debian if it
eventually finds its way towards a more secure and maintainable
codebase, but I strongly feel it's not fit for release in its current
shape.

Thank you for your understanding,

a.
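As an added illustration of the strcpy concern raised in the message above (example code written for this page, not procmail's own code and not the sender's), the following C shows the unbounded-copy pattern next to a bounded replacement that refuses input which does not fit. The field size `FIELD_LEN`, the function names and the sample header lines are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field, as a header or recipe buffer might be
 * declared in old C code (size chosen for this example). */
#define FIELD_LEN 16

/* The pattern the message criticises: strcpy never sees the destination
 * size, so a header line longer than the field overruns it and whatever
 * follows in memory. Shown for contrast only; it is never called here. */
static void copy_unbounded(char field[FIELD_LEN], const char *src) {
    strcpy(field, src);
}

/* Bounded replacement: never writes past dstsize, always NUL-terminates,
 * and returns false when the input did not fit so the caller can reject
 * the line instead of silently continuing with a truncated value. */
static bool copy_bounded(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0) return false;
    size_t n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);   /* keep what fits ... */
        dst[dstsize - 1] = '\0';         /* ... and terminate it */
        return false;
    }
    memcpy(dst, src, n + 1);             /* includes the NUL */
    return true;
}

/* Store src into a FIELD_LEN field. Returns the stored length, or -1 when
 * the input was too long and has been rejected rather than truncated. */
static int store_field(const char *src) {
    char field[FIELD_LEN];
    if (!copy_bounded(field, sizeof field, src)) return -1;
    return (int)strlen(field);
}

int main(void) {
    /* Constructed sample header lines. */
    const char *fits = "From: alice";
    const char *too_long = "From: a-much-longer-address@example.invalid";
    (void)copy_unbounded;  /* documented, deliberately unused */
    printf("%-45s -> %d\n", fits, store_field(fits));
    printf("%-45s -> %d\n", too_long, store_field(too_long));
    return 0;
}
```

The point of returning a boolean from `copy_bounded` rather than just clamping is that a mail filter running with elevated privileges should treat an over-long input as a rejected input, not as something to process in truncated form.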
