In processing a ~/.forward file or a
:include: file, a question arises when group or
world write permission is enabled. Should
sendmail trust the addresses found in such
files? Clearly the answer is "no"
when world write permission is enabled. But what of group write
permission?
Beginning with V8.8 sendmail, the decision of
whether to trust group write permission is left to the
UnsafeGroupWrites option, which looks like this:
O UnsafeGroupWrites=bool                    configuration file (V8.8 and later)
-OUnsafeGroupWrites=bool                    command line (V8.8 and later)
define(`confUNSAFE_GROUP_WRITES',bool)      mc configuration (V8.7 and later)
The optional argument bool, when missing,
defaults to true (check for unsafe group write permission). If this
option is missing entirely, it defaults to false
(don't check for unsafe group write permission).
With this option set to true, a ~/.forward file
or a :include: file with group or world
writability will result in one of these four errors being logged:
filename: group writable forward file, marked unsafe
filename: world writable forward file, marked unsafe
filename: group writable include file, marked unsafe
filename: world writable include file, marked unsafe
Any address in the file that is a file or a program will result in a
bounce and one of these messages:
Address address is unsafe for mailing to programs
Address address is unsafe for mailing to files
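An added example (not from the original page or from sendmail itself) that approximates the check described above, so forward and include files can be audited before the option is turned on: it tests the file's own group and world write bits and lists the program and file addresses that would bounce. The function names, the sample contents, reporting world write ahead of group write, and treating a leading "|" or "/" as a program or file address are assumptions of the example.

```python
import os
import re
import stat
import tempfile

# Constructed sample ~/.forward contents (not from the page).
SAMPLE = ('# keep a local copy, filter, and forward\n'
          '\\alice, "|/usr/local/bin/filter -q"\n'
          '/home/alice/mail.copy\n'
          'bob@example.com\n')

def unsafe_reason(mode, kind):
    """kind is 'forward' or 'include'; returns the log text, or None if safe."""
    # Assumption: world write is reported ahead of group write when both are set.
    if mode & stat.S_IWOTH:
        return f"world writable {kind} file, marked unsafe"
    if mode & stat.S_IWGRP:
        return f"group writable {kind} file, marked unsafe"
    return None

def risky_addresses(text):
    """List (address, 'programs' | 'files') for entries that would bounce."""
    found = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):        # comment line
            continue
        # Split on commas, but keep a double-quoted address in one piece.
        for token in re.findall(r'"[^"]*"|[^,]+', line):
            addr = token.strip().strip('"')
            if addr.startswith("|"):             # delivery to a program
                found.append((addr, "programs"))
            elif addr.startswith("/"):           # delivery to a file
                found.append((addr, "files"))
    return found

def audit(path, kind):
    """Messages the page lists for this file; an empty list means it is safe."""
    reason = unsafe_reason(os.stat(path).st_mode, kind)
    if reason is None:
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = risky_addresses(fh.read())
    return [f"{path}: {reason}"] + [
        f"Address {addr} is unsafe for mailing to {what}" for addr, what in hits]

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".forward", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o664)                    # group writable on purpose
    print("\n".join(audit(tmp.name, "forward")))
    os.unlink(tmp.name)
```

The check looks only at the mode bits of the file itself, which is the condition this section describes.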
Beginning with V8.10, sendmail uses this option
only to set the GroupWritableForwardFileSafe
and GroupWritableIncludeFileSafe items in conjunction with the
DontBlameSendmail option, and so the option has been
deprecated.
The UnsafeGroupWrites option is not safe. If
specified from the command line, it can cause
sendmail to relinquish its special privileges.