Although sendmail tries to be very safe about how it runs programs from the aliases(5) and ~/.forward files (Section 12.2.3), it still can be vulnerable to some internal attacks. To limit the selection of programs that sendmail is allowed to run, V8 sendmail includes source and documentation for the smrsh (sendmail restricted shell) program. See Section 5.8 for a full description of the smrsh program.