There is a bug in the Linux kernel capability model for versions
through 2.2.15 that allows local users to get root. Sendmail is
one of the programs that can be attacked this way. This problem
may occur in other capabilities-based kernels.
(See http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt )
I wonder, when are you going to launch a new kernel RPM with the latest
kernel and another RPM with sendmail 8.10.2 ? Sendmail.org highly
recommends to upgrade to 8.10.2.
Nowadays I cannot upgrade to sendmail 8.10.2 (to filter spammers more
efficiently) without actually downloading, compiling and installing the
latest kernel, which is for me and for the average user with an average
internet connection, overwhelming for the least.
If I can contribute with you in any way, let me know.
I hope that the new kernel .rpm release will include the latest AIC driver and
the floating-point context error fix? Thanx, Doug!