Subject: Re: localhost security hole
To: None <>
From: David Porowski <>
List: tech-security
Date: 06/28/2003 23:20:53
Sorry to be a "butinski", but I feel compelled to reply
to this thread.  As a user who is frequently "untethered",
(laptop) and also security conscience, I would consider the
following points:

1)  never run sendmail as a daemon
2)  never run sendmail as suid root
3)  always configure nsswitch as: hosts: files dns
4)  always chmod /etc/hosts as 0666
5)  always use localhost.domain localhost

IMHO, root mail should, by default, only go to the
local machine.  Any management changes for network
mail collection can always be scp pushed to these
machines.  DNS can be spoofed, and your first line
of defense is what you have the closest control of.

I have been a bit busy to step up to 1.6 (now 1.6.1?),
and so cannot comment on what sysinst currently can
or cannot do.  I can comment however on sendmail:  it
is the grandfather of all mail programs, and carries
some interesting (and arcane) baggage.  Perhaps it is
time to offer an alternative mail program, like qmail.

Just my $00.02 worth.

David Porowski

Rick Kelly wrote:

> Andrew Brown said:
> >sendmail knows to deliver to "localhost".  it looks up "localhost" and
> >finds  when it attempts delivery there, it also looks up
> > so that it can put a canonicalized name in the
> >logs.  in your case, that maps to "".  you
> >need to fix that, but i don't believe it's a problem.
> Or to put it a little differently. If you don't have a localhost zone
> in your DNS configuration, then your DNS is broken.
> --
> Rick Kelly