not sure who wrote: > yes there is a bug in /bin/mail - if it is setuid root (ie: used as a > delivery agent) it can be exploited to gain root access. there was an ... > u-s /bin/mail, install either procmail or the mail.local (which i have > yet to find anywhere, procmail is easy to find... (i forget where.. > archie is your friend), and then edit your Mlocal line in > /etc/sendmail.cf to be procmail instead of /bin/mail Could someone post some suitable lines with proper flags to give procmail that I could include in sendmail.cf ? We run sendmail 8.6.9 on sunos 4.1.3, and we have procmail already installed. Jim Ault, CS Sysadmin, SUNY Albany, NY 12222 USA ault@cs.albany.edu <><