> How difficult would it be to make sendmail run as an unprivileged user?

On a firewall system - not hard at all.

I use smap/smapd to receive smtp from the Internet, and sendmail is
run on the queue.

I'm not sure whether one could craft a message to travel through smap
in such a way that when sendmail is run on it the syslog bug can be
exercised - guess I'll have to give it a try... but if sendmail is
running as nobody and/or chrooted, then not much harm would be done
anyway.

Now for a general use machine you'd have a lot of work to do.

--sjg