There is a bug in the Linux kernel capability model for versions through 2.2.15 that allows local users to get root. Sendmail is one of the programs that can be attacked this way. This problem may occur in other capabilities-based kernels. (See http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt ) I wonder, when are you going to launch a new kernel RPM with the latest kernel and another RPM with sendmail 8.10.2 ? Sendmail.org highly recommends to upgrade to 8.10.2. Nowadays I cannot upgrade to sendmail 8.10.2 (to filter spammers more efficiently) without actually downloading, compiling and installing the latest kernel, which is for me and for the average user with an average internet connection, overwhelming for the least. If I can contribute with you in any way, let me know. Many thanks Claudio Pacciarini clau.ar
I hope that the new kernel .rpm release will include the latest AIC driver and the floating-point context error fix? Thanx, Doug!
http://www.redhat.com/support/errata/RHSA-2000-037-05.html