The 02.12.01 at 11:01, Nick Selby wrote:
On Sunday 01 December 2002 10:49, James Ogley wrote:
Since I am using procmail, which I think is an MDA, this would make sense. But the question about why Debian thinks it's unsafe still remains. I guess I'm just trying to find out what risk I've accepted by doing it!
Running *anything* as root is potentially dangerous
Okay, that's basically what I thought. I did a Google search to see if there were specific examples of people who had lost their homes and savings after running fetchmail as root and didn't come across many, but the point is taken.
Suse reported such a problem last September:

- fetchmail
  Fetchmail contains remotely exploitable overflows in the mail header parsing functions. In depth discussion of these problems can be found at http://security.e-matters.de/advisories/032002.html. New packages will soon be available on our ftp servers.

--
Cheers,
Carlos Robinson