Subject: Re: localhost security hole
To: Alan Barrett <>
From: Dean Strik <>
List: tech-security
Date: 06/28/2003 16:33:41
Alan Barrett wrote:
> The default tries to handle "localhost" as a special case.
> It seems to be getting it wrong somehow.  I think we should find out why
> and fix it.
> We should also check whether postfix has a similar problem.

It will have this 'problem'. It appends the domain to every non-FQDN
unless you explicitly postfix not to (append_dot_mydomain = no).
Without looking at sendmail, I think sendmail will do the same.

I think adding localhost.dom.ain to /etc/hosts is the way to go.

Dean C. Strik             Eindhoven University of Technology  |  |
"This isn't right. This isn't even wrong." -- Wolfgang Pauli