> Does anybody know details of the security hole(s) in 8.6.9 fixed in
> 8.6.10?

I intend to diff 8.6.10 against what I'm currently running, to see.

But the reason for this post is to point out a problem that should concern anyone who turns on the ident code: it may not work. daemon.c contains the following sequence:

	/* send query */
	if (write(s, hbuf, strlen(hbuf)) < 0)
		goto closeident;

	/* get result */
	i = read(s, hbuf, sizeof hbuf);
	(void) close(s);

This is broken because it assumes that a single read() will pick up the entire response. Thus, if you use this your sendmail may well fail to get the reply from the daemon, even if the daemon is non-hostile and correctly functioning.

I've sent a note to sendmail@cs.berkeley.edu about this; if you want to patch it in your copy, dropping this loop in inline in place of the read() should do it:

	{
		int left;
		char *hbp;
		int n;

		hbp = &hbuf[0];
		left = sizeof(hbuf);
		while (1) {
			n = read(s,hbp,left);
			if (n < 0) {
				i = -1;
				break;
			}
			if (n == 0) {
				i = hbp - &hbuf[0];
				break;
			}
			hbp += n;
			left -= n;
		}
	}

It's true that sendmail will fail in the correct direction - discarding valid information is better than believing trash - but still, throwing away useful security traceback info because someone was too lazy to write a proper loop to read from the net is pretty bogus.

					der Mouse

			       mouse@collatz.mcrcim.mcgill.edu
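
The short read described in the post above, reproduced as an added example that is not part of the original post or of sendmail: a peer delivers one reply in two pieces, and a single read() is compared with a loop that reads to end of file. The reply text, the names read_reply and fetch, and the socketpair standing in for the connection to the ident daemon are assumptions; the loop also goes slightly beyond the one in the post by retrying on EINTR and keeping a byte for the terminating NUL.

```c
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample reply, sent by the test peer in two segments. */
#define PART1 "25, 1234 : USERID "
#define PART2 ": UNIX : alice\r\n"

/* Hypothetical helper: read to EOF, error or full buffer; NUL-terminates. */
static ssize_t read_reply(int s, char *buf, size_t size)
{
    size_t used = 0;
    if (size == 0) return -1;                   /* no room for the NUL */
    while (used < size - 1) {
        ssize_t n = read(s, buf + used, size - 1 - used);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n < 0) return -1;
        if (n == 0) break;                      /* peer closed: done */
        used += (size_t)n;
    }
    buf[used] = '\0';
    return (ssize_t)used;
}

/* One exchange with a forked peer; looped selects which reader runs. */
static ssize_t fetch(int looped, char *buf, size_t size)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                     /* peer: reply in two pieces */
        close(sv[0]);
        if (write(sv[1], PART1, strlen(PART1)) < 0) _exit(1);
        poll(NULL, 0, 200);             /* second piece arrives later */
        if (write(sv[1], PART2, strlen(PART2)) < 0) _exit(1);
        _exit(0);
    }
    close(sv[1]);
    ssize_t n = looped ? read_reply(sv[0], buf, size)
                       : read(sv[0], buf, size);    /* single read() */
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void) { char b[64]; return fetch(1, b, sizeof b) < 0; }
```

With the 200 ms gap between the two pieces, fetch(0, ...) normally returns only the bytes of the first piece, while fetch(1, ...) always returns the whole reply.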