-HASSETEUID Define this if you have seteuid(2) ***AND*** root can use
- it to change to an arbitrary user. This second condition
- is not satisfied on AIX 3.x. You may find that
- your system has setreuid(2) or setresuid(2), in which
- case you will also have to #define seteuid(uid) to be
- the appropriate call. The important thing is that you
- have a call that will set the effective uid and NOT
- set the real or saved uid. Setting this improves the
- security somewhat, since sendmail doesn't have to read
- .forward and :include: files as root.
+HASSETREUID Define this if you have setreuid(2) ***AND*** root can
+ use setreuid to change to an arbitrary user. This second
+ condition is not satisfied on AIX 3.x. You may find that
+ your system has setresuid(2), (for example, on HP-UX) in
+ which case you will also have to #define setreuid(r, e)
+ to be the appropriate call. Some systems (such as Solaris)
+ have a compatibility routine that doesn't work properly.
+ The important thing is that you have a call that will set
+ the effective uid independently of the real or saved uid.
+ Setting this improves the security somewhat, since
+ sendmail doesn't have to read .forward and :include: files
+ as root.