>>>>> "RH" == Ronald Hahm <email@example.com> writes:
RH> Is it supposed to be configured such that wrapper has it's setuid bit
RH> turned on and ownership to root?
It must be such, except on some non-POSIX systems. The MTA does not run
spawned processes as the majordomo user; instead it runs them either as
root, daemon, or the sending user (if local). You absolutely have to have
a setuid mechanism in place.
RH> I am concerned about the potential security hole that this creates?
Well, the source code is short, so go look at it. It changes UID
immediately, destryos the calling environment and limits the executables to
a single directory. I don't think there's anything else that can be done
to improve its security, although you are welcome to try to find holes.