Subject: Re: OK, so how do we slam shut this sendmail problem once and for all?
To: John Kohl <jtk@kolvir.arlington.ma.us>
From: Perry E. Metzger <perry@piermont.com>
List: current-users
Date: 08/31/1995 04:22:21
John Kohl writes:
> I'm getting tired of new-and-different sendmail holes arriving every so
> often.
> 
> How difficult would it be to make sendmail run as an unprivileged user?

That wouldn't have fixed the problem that just popped up -- it was
really a syslog(3) problem.

> Give it rights to deliver mail locally (through a privileged delivery
> agent which can be many fewer lines of code and easier to audit), throw
> it in a chroot-ed environment, and don't let it out of its cage.
> 
> That should reduce the potential exposure to just destroying/stealing
> local mailboxes.  Can folks live without .forward files piping mail to
> an agent and/or other random-execution paths?

People talk about this sort of thing all the time. In general, I'd say
it's a good idea, but truly I think a lot more ought to be fixed at the
same time...

.pm