> I'm not sure whether we are talking about the same thing: there > hasn't been > a CERT advisory on this (yet). You're right; what I remember reading was at sendmail.com and it was extremely incomplete at the time. It is user-exploitable, ah well. Just goes to show that capabilities in Linux are about as useful as oxygen masks in airplanes, but I digress. -- g