From owner-freebsd-questions@FreeBSD.ORG  Wed Dec 14 03:51:07 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 23B2816A41F
	for <freebsd-questions@freebsd.org>;
	Wed, 14 Dec 2005 03:51:07 +0000 (GMT)
	(envelope-from steinex@scott.blazing.de)
Received: from scott.blazing.de (scott.blazing.de [80.86.187.157])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BDF3C43D46
	for <freebsd-questions@freebsd.org>;
	Wed, 14 Dec 2005 03:51:06 +0000 (GMT)
	(envelope-from steinex@scott.blazing.de)
Received: by scott.blazing.de (Postfix, from userid 508)
	id D5E83752EA; Wed, 14 Dec 2005 04:51:04 +0100 (CET)
Date: Wed, 14 Dec 2005 04:51:04 +0100
From: Frank Steinborn <frank@ircnow.org>
To: freebsd-questions@freebsd.org
Message-ID: <20051214035104.GA27949@scott.blazing.de>
Mail-Followup-To: freebsd-questions@freebsd.org
References: <439F9533.5030002@sbcglobal.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <439F9533.5030002@sbcglobal.net>
User-Agent: Mutt/1.5.10i
Subject: Re: IMAP-UW Security question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2005 03:51:07 -0000

Jose Borquez wrote:
> SECURITY REPORT:
>      This port has installed the following binaries which execute with
>      increased privileges.
> /usr/local/libexec/mlock
> 
> What can I do to minimize this security risk?  Do I create an mlock user?

In fact, every port that installs a suid-binary will show this warning.
Creating a user won't help, mlock will run as root (that is what it's
about). Just keep the port up-to-date and it's ok.

Frank