Mar 03 2022
 

TL;DR: procmail is a security liability and has been abandoned
upstream for the last two decades. If you are still using it, you
should probably drop everything and at least remove its SUID
flag. There are plenty of alternatives to choose from, and conversion
is a one-time, acceptable trade-off.

Procmail is unmaintained

procmail is unmaintained. The “Final release”, according to
Wikipedia, dates back to September 10, 2001 (3.22). That release
has shipped in Debian ever since, all the way back to Debian 3.0 “woody”, twenty years ago. Debian also ships 25 uploads on top of this, with 3.22-21 shipping the “3.23pre” release that has been rumored since at least November
2001, according to debian/changelog at least:

procmail (3.22-1) unstable; urgency=low * New…
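The minimum step from the TL;DR, removing the SUID flag, can be checked and applied with a few shell functions. This is an added example, not code from the original post; the function names are hypothetical, and the default path `/usr/bin/procmail` and the `root mail` ownership in the `dpkg-statoverride` comment are assumptions to verify with `ls -l` on your own system.

```shell
#!/bin/sh
# Added example: audit a binary for setuid/setgid bits and strip them.
# Assumed default path; override with PROCMAIL_BIN=/path/to/procmail.
PROCMAIL_BIN="${PROCMAIL_BIN:-/usr/bin/procmail}"

# Print "setuid", "setgid", "setuid setgid", "none" or "missing".
special_bits() {
    f="$1"
    if [ ! -e "$f" ]; then
        echo "missing"
        return 2
    fi
    bits=""
    if [ -u "$f" ]; then bits="setuid"; fi
    if [ -g "$f" ]; then bits="${bits:+$bits }setgid"; fi
    echo "${bits:-none}"
}

# Clear both bits; succeed only if the file really ends up clean.
strip_special_bits() {
    f="$1"
    [ -e "$f" ] || return 2
    chmod u-s,g-s "$f" || return 1
    [ ! -u "$f" ] && [ ! -g "$f" ]
}

# Report the state; with "fix" as second argument, strip the bits too.
# Usage (as root): audit_binary "$PROCMAIL_BIN" fix
audit_binary() {
    f="$1"
    action="${2:-report}"
    state=$(special_bits "$f") || return 2
    echo "$f: $state"
    if [ "$state" != "none" ] && [ "$action" = "fix" ]; then
        strip_special_bits "$f" && echo "$f: now $(special_bits "$f")"
    fi
}

# A plain chmod is undone when the package is upgraded. On Debian, record
# the mode so dpkg keeps it (owner and group here are assumptions):
#   dpkg-statoverride --update --add root mail 0755 /usr/bin/procmail
```

Without the bits procmail runs with the privileges of whatever invokes it, so confirm that local delivery still works for your MTA setup after the change.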

Read more at the source: https://anarc.at/blog/2022-03-02-procmail-considered-harmful/
