SMRSH ALONE IS NOT A SECURE SOLUTION

Regarding smrsh, it is only as secure as you can make it. By specifying no
programs, you might as well make the prog mailer /bin/false. By specifying
everything, you might was well not in have smrsh.

The problem is the borderline: procmail and filter, two popular mail
filtering programs (the latter of which comes with elm, so you might not
even be aware you have installed it), allow you to perform any command
upon any their input, and you can control what rules file they access
from the command line. This means that an envelope From could be:

	MAIL FROM: /usr/local/bin/filter -f /tmp/filt

And /tmp/filt, the elm filter rules file, could be:

	if always execute /usr/ucb/tail|/bin/sh

And then you're back to square one, once a cracker discovers this. I
don't think it's necessary to do a full example for this one; merely
change the MAIL FROM: line in my telnet example and this will work.
It should be noted that the smrsh procmail/filter holes require
the cracker to have write access to a your machine in a place
readable by uid daemon.

Therefore, IF YOU USE AN UNMODIFIED SMRSH, YOUR SENDMAIL IS STILL
VULNERABLE!!!