> We have written an example exploit to overwrite syslog(3)'s > internal buffer using SunOS sendmail(8). A quick look at the FreeBSD-current syslog.c and the latest sendmail source suggests that a) turning off mail.debug logging in /etc/syslog.conf will protect you (from this particular exploit) b) sendmail 8.6.6 and later take care not to log long strings and may be safe (from this particular exploit). Can anyone confirm or refute? Tim -- Tim Rylance <tkr@puffball.demon.co.uk>