>>Who knows what the root-shell-giving security hole is in Sendmail 8.6.12 >>that was incompletely patched in 8.7, and (supposedly) finally patched >>in 8.7.1? > >I wonder if the attack is still possible if there is a "smrsh" shell >installed instead of "sh" in sendmail.cf ? Yes. The syslog() hole exploits don't care whether you have installed smrsh or not. The only thing that helps is a patched syslog(), something you'll need anyway for your other daemons, or sendmail 8.7.1 and that only works if you have a syslog() with an internal buffersize with 1024 bytes (i.e., if you haev a smaller interner buffer, you may be out of luck anyway) Casper