Or you can attack a running process
sendmail runs all the time, as root
And sendmail is incredibly complicated
And poorly-written
Typical attack: "buffer overflow"
