From owner-freebsd-ports@freebsd.org  Mon Dec 11 19:34:27 2017
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3C1FAE9BF43
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon, 11 Dec 2017 19:34:27 +0000 (UTC)
 (envelope-from guru@unixarea.de)
Received: from ms-10.1blu.de (ms-10.1blu.de [178.254.4.101])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EDBC3753FC
 for <freebsd-ports@freebsd.org>; Mon, 11 Dec 2017 19:34:26 +0000 (UTC)
 (envelope-from guru@unixarea.de)
Received: from [77.190.66.157] (helo=localhost.unixarea.de)
 by ms-10.1blu.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.86_2) (envelope-from <guru@unixarea.de>)
 id 1eOTqI-000866-GC; Mon, 11 Dec 2017 20:34:22 +0100
Received: from localhost.my.domain (localhost [127.0.0.1])
 by localhost.unixarea.de (8.15.2/8.14.9) with ESMTPS id vBBJYGSS003404
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Mon, 11 Dec 2017 20:34:16 +0100 (CET)
 (envelope-from guru@unixarea.de)
Received: (from guru@localhost)
 by localhost.my.domain (8.15.2/8.14.9/Submit) id vBBJYFF2003403;
 Mon, 11 Dec 2017 20:34:15 +0100 (CET)
 (envelope-from guru@unixarea.de)
X-Authentication-Warning: localhost.my.domain: guru set sender to
 guru@unixarea.de using -f
Date: Mon, 11 Dec 2017 20:34:15 +0100
From: Matthias Apitz <guru@unixarea.de>
To: Warren Block <wblock@wonkity.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check
Message-ID: <20171211193415.GA3314@c720-r314251>
Reply-To: Matthias Apitz <guru@unixarea.de>
Mail-Followup-To: Matthias Apitz <guru@unixarea.de>,
 Warren Block <wblock@wonkity.com>, freebsd-ports@freebsd.org
References: <fb3d23c5-e32d-452a-a0c3-c3cb12340054@cloudzeeland.nl>
 <a66d1c33-e405-d9e8-d9c3-2738b5e66887@cloudzeeland.nl>
 <alpine.BSF.2.21.1712080956580.41281@wonkity.com>
 <20171208180905.GA96560@troutmask.apl.washington.edu>
 <alpine.BSF.2.21.1712081111070.41281@wonkity.com>
 <20171208193011.GA2203@c720-r314251>
 <alpine.BSF.2.21.1712081511530.41281@wonkity.com>
 <20171208223849.GA2171@c720-r314251>
 <65cf5e92-948e-4aff-857b-539cbae290b4@unixarea.de>
 <alpine.BSF.2.21.1712111118470.98435@wonkity.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62"
Content-Disposition: inline
In-Reply-To: <alpine.BSF.2.21.1712111118470.98435@wonkity.com>
X-Operating-System: FreeBSD 12.0-CURRENT r314251 (amd64)
X-message-flag: Mails containing HTML will not be read!  Please send only
 plain text.
User-Agent: Mutt/1.8.0 (2017-02-23)
X-Con-Id: 51246
X-Con-U: 0-guru
X-Originating-IP: 77.190.66.157
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2017 19:34:27 -0000


--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

El d=C3=ADa lunes, diciembre 11, 2017 a las 11:26:44a. m. -0700, Warren Blo=
ck escribi=C3=B3:

> > Warren, you have not got my point: Why specfying '-d ${USER}' is requir=
ed in=20
> > a per user file in its HOME?

The maildrop is started as the user 'foo' by a line in a file ~foo/.forward,
as you say:

maildrop -d foo

and this '-d foo' is IMHO completely superfluous, because the maildrop coul=
d do
by its own a getuid(2) and a user 'foo' will never run (and perhaps can
not run due to lack of permissions) something like '-d bla'.

Do you copy me?

	matthias


--=20
Matthias Apitz, =E2=9C=89 guru@unixarea.de, =E2=8C=82 http://www.unixarea.d=
e/  =F0=9F=93=B1 +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXmn7rBYYViyzy/vBR8z35Hb+nREFAlou3bQACgkQR8z35Hb+
nREysBAAqX9EiwodRGt293tBM+mOvBplKzRw05l93nJHed78a1TcaphMmuUCAnH1
XkIe4/q4Xn9Cp/2d0ZWVKCZh7cnJ6fyy5GVpcmVTqpRU/hnshS+KovDcwG1dMT04
+4TH1OLD3VTib3N5ABHJ+mHkcHp/PLg0W+nzUlQswrWBGJE4uW+560voZM38gJs0
ObD1Pg5nZUOIsAFh7eU2LOc+PANUeQDLEUXPrwU6MdrbUGYVdwQITUsnDwb5rcV3
+g/V4nciU8XLMRL1mw6V1hWqHTHtkBHJm//w1JtWZGWi8S4ITkUtFTax8RlymyFm
aCcn7U24CkJOQPeRdI9Oz7cmyGIgil0spEojffVq7hhHdJ4cpxORTeLDrI2ai0qu
voVhVeQgF0mQh19ZyWG67G1AAwa8eKppfZQ1R02XbTP0yZIaPz63lRMpi2CtwK71
13fS4TkerE+S7hBGwW91QrWBlTNaZsuuEo29PEIt1F+5pZyndOmlFJ1miV8bnV5O
Go2IE4mnhr3G6W/O098mPMHCWEf2TUS0NflS6y99M9WYL1Udihu31hN8c721iglN
uokcSNP5/pbXWM2+jvUrsSBYfuhJ4ce8sytY7zuGheF35y2SfgXo00qtmqI9w9Tz
VgttjZaNLrOtD0QzhKz4AVSP7x85SDZt+MDVtGON4Tc1WajY/oo=
=pgcw
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--