All imapd files that should be suid/sgid installed as uid/gid = root, so they are suid/sgid root. This is a %defattr(-,root,root) in .spec, need explicit entry for each suid/sgid file.
Ops, forget to mention -- the same is in all versions of it, not only 6.2. It is also at current (30-may-2000) rawhide. And there is also 1.6.24 version already (and sasl-1.5.21).
Cyrus should not be setuid-root. Cyrus imapd runs as a dedicated user, and cannot be run setuid-root (it returns an error if it's started as any other user, including root).
Yes, you are right, but this what I tell about. After installing cyrus-imapd-1.6.19-2: $ ls -l /usr/cyrus/bin/ total 2988 -rwxr-xr-x 1 root root 63696 Feb 11 19:21 arbitron* -rwxr-xr-x 1 root root 582416 Feb 11 19:21 collectnews* -rwsr-x--- 1 root root 638888 Feb 11 19:21 deliver* ^^ ^^^^^^ ^^^^^^ -rwxr-sr-x 1 root root 3608 Feb 11 19:21 deliver-wrapper* ^^ ^^^^^^ ^^^^^^ -rwxr-xr-x 1 root root 63440 Feb 11 19:21 dump_deliverdb* -rwxr-xr-x 1 root root 1778 Feb 11 19:21 feedcyrus* -rwxr-xr-x 1 root root 64144 Feb 11 19:21 fud* -rwxr-xr-x 1 root root 650384 Feb 11 19:21 imapd* -rwxr-xr-x 1 root root 63248 Feb 11 19:21 mbpath* -rwxr-xr-x 1 root root 79216 Feb 11 19:21 pop3d* -rwxr-xr-x 1 root root 65648 Feb 11 19:21 quota* -rwxr-xr-x 1 root root 582352 Feb 11 19:21 reconstruct* -rwxr-xr-x 1 root root 64560 Feb 11 19:21 syncnews* -rwxr-xr-x 1 root root 58928 Feb 11 19:21 timsieved* $ _
This will be fixed in Raw Hide.